Feeds

Google exec questions Reding's 'Right to be forgotten' pledge

Says certain aspects of article 17 are 'unworkable'

Top 5 reasons to deploy VMware with Tegile

CPDP Google's privacy policy counsel in Brussels has questioned certain parts of European Commissioner Viviane Reding's freshly tabled draft bill on data protection law within the EU.

Marisa Jimenez, who was speaking at the Computer, Privacy and Data Protection (CPDP) conference in the Belgian capital today, expressed concern about some of the passages written under article 17 of the proposed regulation.

Reding's so-called "right to be forgotten" on the internet plans have, in part, been welcomed by Google, Jimenez claimed.

But she noted that the current text submitted by the European Commission is incredibly complex and thereby open to any number of interpretations by data protection authorities and companies that could be expected to comply with the rules, if passed by the European Parliament in their current form.

Here's what Reding's proposed regulation currently states on the "right to be forgotten":

Article 17 provides the data subject's right to be forgotten and to erasure. It further elaborates and specifies the right of erasure provided for in Article 12(b) of Directive 95/46/EC and provides the conditions of the right to be forgotten, including the obligation of the controller which has made the personal data public to inform third parties on the data subject's request to erase any links to, or copy or replication of that personal data. It also integrates the right to have the processing restricted in certain cases, avoiding the ambiguous terminology 'blocking'.

Rosa Barcelo, a privacy and data protection specialist working for the Commission who was also present on the CPDP panel, pointed out that Reding's plans had already been relaxed from a "full obligation" on the part of an individual business and its handling of user data to a "best effort" requirement.

Google's Jimenez said that the overall "objective" of the "right to be forgotten" article was a "positive" one and added that the first part of that proposal that gives users the ability to object to their data being held was a good one. "Google agrees with that," she said. "In fact, we already do that.

"The question comes when deleting data placed on a third party that has very little control of what's been done with that data... Some of the scenarios enter well, others are rather unworkable. The way it is drafted is very unclear. It's a right, but written in a very technical way and not everyone will understand it in the same way when they read it."

The Google counsel said that she hoped that aspect of article 17 would be "clarified as we move forward in the legislative process".

Two other corporate representatives on the same panel - Christoph Luykx from Intel and Mikko Niva from Nokia - touched on industry concerns about shifting more personal information policing over to data controllers.

"We are a little bit wary about this administrative burden that now seems to be surfacing," Niva said. He reckoned that a standardised assessment was simplistic and warned there was a "risk of slowing down products to market."

He claimed the tech industry was better placed to define the "best methodologies."

Jimenez chimed in by saying she "agreed completely" with the Nokia exec's concerns.

"While the goal [of rewriting the EC's data protection legislation] was good, the question is... have these rules become another layer of compliance required?" Google's EU law specialist asked, before adding that "further thought" was needed.

Nokia's Niva added that he believed the requirement for a business to notify a DPA about a data breach within 24 hours was "a very tough deadline". He said that no one wanted "a regime where all kinds of fairly meaningless breaches are reported to the public and DPAs". He said that there should be thresholds built into the planned regulation "to make it sensible".

The panel also briefly touched on the notion of "privacy by design", which has formed part of Reding's recent agenda.

"I think that many of the elements of 'privacy by design' are in the new law," noted Jimenez. "The question is when you have a recipe you might have the ingredients but you have to know how much of what to put in to get the end result. The law cannot work out the quantities," she added. "The law cannot tell you how to do it."

The confab finished with something of a flourish from Barcelo, who turned to Jimenez and co and said privacy was "very relevant". To her it's an "economic asset" for businesses. She concluded: "There's lots of excitement about this in Parliament, a lot of fun." ®

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
DOUBLE BONK: Testy fanbois catch Apple Pay picking pockets
Users wail as tapcash transactions are duplicated
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.