Feeds

Google exec questions Reding's 'Right to be forgotten' pledge

Says certain aspects of article 17 are 'unworkable'

High performance access to file storage

CPDP Google's privacy policy counsel in Brussels has questioned certain parts of European Commissioner Viviane Reding's freshly tabled draft bill on data protection law within the EU.

Marisa Jimenez, who was speaking at the Computer, Privacy and Data Protection (CPDP) conference in the Belgian capital today, expressed concern about some of the passages written under article 17 of the proposed regulation.

Reding's so-called "right to be forgotten" on the internet plans have, in part, been welcomed by Google, Jimenez claimed.

But she noted that the current text submitted by the European Commission is incredibly complex and thereby open to any number of interpretations by data protection authorities and companies that could be expected to comply with the rules, if passed by the European Parliament in their current form.

Here's what Reding's proposed regulation currently states on the "right to be forgotten":

Article 17 provides the data subject's right to be forgotten and to erasure. It further elaborates and specifies the right of erasure provided for in Article 12(b) of Directive 95/46/EC and provides the conditions of the right to be forgotten, including the obligation of the controller which has made the personal data public to inform third parties on the data subject's request to erase any links to, or copy or replication of that personal data. It also integrates the right to have the processing restricted in certain cases, avoiding the ambiguous terminology 'blocking'.

Rosa Barcelo, a privacy and data protection specialist working for the Commission who was also present on the CPDP panel, pointed out that Reding's plans had already been relaxed from a "full obligation" on the part of an individual business and its handling of user data to a "best effort" requirement.

Google's Jimenez said that the overall "objective" of the "right to be forgotten" article was a "positive" one and added that the first part of that proposal that gives users the ability to object to their data being held was a good one. "Google agrees with that," she said. "In fact, we already do that.

"The question comes when deleting data placed on a third party that has very little control of what's been done with that data... Some of the scenarios enter well, others are rather unworkable. The way it is drafted is very unclear. It's a right, but written in a very technical way and not everyone will understand it in the same way when they read it."

The Google counsel said that she hoped that aspect of article 17 would be "clarified as we move forward in the legislative process".

Two other corporate representatives on the same panel - Christoph Luykx from Intel and Mikko Niva from Nokia - touched on industry concerns about shifting more personal information policing over to data controllers.

"We are a little bit wary about this administrative burden that now seems to be surfacing," Niva said. He reckoned that a standardised assessment was simplistic and warned there was a "risk of slowing down products to market."

He claimed the tech industry was better placed to define the "best methodologies."

Jimenez chimed in by saying she "agreed completely" with the Nokia exec's concerns.

"While the goal [of rewriting the EC's data protection legislation] was good, the question is... have these rules become another layer of compliance required?" Google's EU law specialist asked, before adding that "further thought" was needed.

Nokia's Niva added that he believed the requirement for a business to notify a DPA about a data breach within 24 hours was "a very tough deadline". He said that no one wanted "a regime where all kinds of fairly meaningless breaches are reported to the public and DPAs". He said that there should be thresholds built into the planned regulation "to make it sensible".

The panel also briefly touched on the notion of "privacy by design", which has formed part of Reding's recent agenda.

"I think that many of the elements of 'privacy by design' are in the new law," noted Jimenez. "The question is when you have a recipe you might have the ingredients but you have to know how much of what to put in to get the end result. The law cannot work out the quantities," she added. "The law cannot tell you how to do it."

The confab finished with something of a flourish from Barcelo, who turned to Jimenez and co and said privacy was "very relevant". To her it's an "economic asset" for businesses. She concluded: "There's lots of excitement about this in Parliament, a lot of fun." ®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.