Google exec questions Reding's 'Right to be forgotten' pledge

Says certain aspects of article 17 are 'unworkable'

CPDP Google's privacy policy counsel in Brussels has questioned certain parts of European Commissioner Viviane Reding's freshly tabled draft bill on data protection law within the EU.

Marisa Jimenez, who was speaking at the Computers, Privacy and Data Protection (CPDP) conference in the Belgian capital today, expressed concern about some of the passages written under article 17 of the proposed regulation.

Reding's plans for a so-called "right to be forgotten" on the internet have, in part, been welcomed by Google, Jimenez claimed.

But she noted that the current text submitted by the European Commission is incredibly complex and thereby open to any number of interpretations by data protection authorities and companies that could be expected to comply with the rules, if passed by the European Parliament in their current form.

Here's what Reding's proposed regulation currently states on the "right to be forgotten":

Article 17 provides the data subject's right to be forgotten and to erasure. It further elaborates and specifies the right of erasure provided for in Article 12(b) of Directive 95/46/EC and provides the conditions of the right to be forgotten, including the obligation of the controller which has made the personal data public to inform third parties on the data subject's request to erase any links to, or copy or replication of that personal data. It also integrates the right to have the processing restricted in certain cases, avoiding the ambiguous terminology 'blocking'.

Rosa Barcelo, a privacy and data protection specialist working for the Commission who was also present on the CPDP panel, pointed out that Reding's plans had already been relaxed from a "full obligation" on the part of an individual business and its handling of user data to a "best effort" requirement.

Google's Jimenez said that the overall "objective" of the "right to be forgotten" article was a "positive" one and added that the first part of that proposal that gives users the ability to object to their data being held was a good one. "Google agrees with that," she said. "In fact, we already do that.

"The question comes when deleting data placed on a third party that has very little control of what's been done with that data... Some of the scenarios enter well, others are rather unworkable. The way it is drafted is very unclear. It's a right, but written in a very technical way and not everyone will understand it in the same way when they read it."

The Google counsel said that she hoped that aspect of article 17 would be "clarified as we move forward in the legislative process".

Two other corporate representatives on the same panel - Christoph Luykx from Intel and Mikko Niva from Nokia - touched on industry concerns about shifting more personal information policing over to data controllers.

"We are a little bit wary about this administrative burden that now seems to be surfacing," Niva said. He reckoned that a standardised assessment was simplistic and warned there was a "risk of slowing down products to market."

He claimed the tech industry was better placed to define the "best methodologies."

Jimenez chimed in by saying she "agreed completely" with the Nokia exec's concerns.

"While the goal [of rewriting the EC's data protection legislation] was good, the question is... have these rules become another layer of compliance required?" Google's EU law specialist asked, before adding that "further thought" was needed.

Nokia's Niva added that he believed the requirement for a business to notify a DPA about a data breach within 24 hours was "a very tough deadline". He said that no one wanted "a regime where all kinds of fairly meaningless breaches are reported to the public and DPAs". He said that there should be thresholds built into the planned regulation "to make it sensible".

The panel also briefly touched on the notion of "privacy by design", which has formed part of Reding's recent agenda.

"I think that many of the elements of 'privacy by design' are in the new law," noted Jimenez. "The question is when you have a recipe you might have the ingredients but you have to know how much of what to put in to get the end result. The law cannot work out the quantities," she added. "The law cannot tell you how to do it."

The confab finished with something of a flourish from Barcelo, who turned to Jimenez and co and said privacy was "very relevant". To her it's an "economic asset" for businesses. She concluded: "There's lots of excitement about this in Parliament, a lot of fun." ®
