The Register® — Biting the hand that feeds IT

Feeds

Google: Our 'freedom of expression' should trump punters' privacy

'Right to be forgotten' is overrated, huffs search giant

By OUT-LAW.COM, 27th February 2013
  • print
  • alert

Agentless Backup is Not a Myth

Google has called on the EU's highest court to uphold its right to display links to published "valid legal material" in the face of calls from Spain's data protection authority to remove links on the grounds of privacy.

The Court of Justice of the European Union (CJEU) is due today to stage a hearing on a case in which it has been asked to rule whether it is lawful for search engines to be forced to delete information they do not create but display in search results.

According to a statement from the CJEU, the case before it was triggered when individuals complained to Spain's data protection authority (AEPD) about results that appeared in Google's search rankings. The AEPD ordered Google to "take the necessary measures to withdraw the data from their index and to render future access to the information impossible via their search engine" but Google and Google Spain both appealed against that order to the Spanish courts.

The Audiencia Nacional in Spain has, though, asked the CJEU to provide a ruling on aspects of EU data protection laws in order to enable it to make a judgment in the case. It has been asked fundamentally to determine whether Google can be considered a 'data controller' that is required to comply with the data protection regime.

Google has argued that as its search engine business is based in the US the EU's Data Protection Directive should not be applied to it. It has said that the fact it has a Spanish subsidiary is irrelevant because that business is only responsible for selling advertising on Google and has no role in the operation of the search engine itself," according to the CJEU's statement.

However, the AEPD has argued that Google is subject to the Directive's rules, should be considered to be a 'data controller' and should be required to "remove [personal data] when that data has been lawfully published on another website and is kept on the page from which it originates".

Under current EU data protection laws organisations are generally allowed only to collect and store personal data that is strictly necessary and proportionate for its purposes. Individuals have the "right to obtain, at his request ... the rectification, erasure or blocking of data which are incomplete, inaccurate or stored in a way incompatible with the legitimate purposes pursued" by organisations that hold their personal data.

This 'right to be forgotten' would be expanded upon under proposed new EU data protection laws drafted by the European Commission. Under the regime a specific qualified 'right to be forgotten' would be particularly specified and would give individuals a general right to force organisations to delete personal data stored about them "without delay". Organisations that make the data public would be liable for the data published by third parties and would be required to "take all reasonable steps, including technical measures" to inform them to delete the information.

However, organisations would be able to oppose the deletion of information if they could show they have a right to publish the data under the fundamental principle of freedom of expression or if it is in the public interest for the data to remain in existence.

In a blog about the CJEU hearing, Google called on the court to give greater weight to its freedom of expression rights than to the privacy rights of individuals. It said that the particular case referred to the CJEU from the Audiencia Nacional is one of approximately 180 similar cases currently before the Spanish courts.

"We were asked to remove links from our search results that point to a legal notice published in a newspaper," William Echikson, Google's head of free expression in European and the Middle East said of the case referred to the CJEU. "The notice, announcing houses being auctioned off as part of a legal proceeding, is required under Spanish law and includes factually correct information that is still publicly available on the newspaper’s website."

"There are clear societal reasons why this kind of information should be publicly available. People shouldn't be prevented from learning that a politician was convicted of taking a bribe, or that a doctor was convicted of malpractice. The substantive question before the Court today is whether search engines should be obliged to remove links to valid legal material that still exists online. We believe the answer to that question is 'no'," he said.

"Search engines point to information that is published online - and in this case to information that had to be made public, by law. In our view, only the original publisher can take the the decision to remove such content. Once removed from the source webpage, content will disappear from a search engine's index. Of course, there will also be times when information is published online that is subsequently found by a court to be incorrect, defamatory or otherwise illegal. Such content can be removed from the source website and from search engines. But search engines should not be subject to censorship of legitimate content for the sake of privacy - or for any other reason," Echikson added.

Copyright © 2013, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

What you need to know about cloud backup

COMMENTS

House Rules Send Corrections
All Reader Comments (39)
Highly Rated
Fred Flintstone

MASSIVE red flag here

I think the arguments in this case throw up a massive red flag - Google used the exact one argument they should never be allowed to get away with, irrespective of the actual issue at hand.

The red flag is for using the argument "we are a US company (but Google Spain actually isn't) so we should be wallowed to fully ignore EU law whilst collecting revenue here". That argument should not be allowed to stand in any way, shape or form as it would make a mockery of EU data laws.

Now, the actual issue is interesting, because it has come about by Google manoeuvring itself into the pole position of "path to find things on the Internet" by being what used to be about the best search engine (it still is, but that may not last as result ranking and advertising is starting to make a mess of it and increasingly demonstrates the risk of someone having a monopoly position in that respect). Thus, Google has become part of the route we use to find information - and has thus considerable influence on our ability to find or not find information.

The question in this case is thus if Google can get away with claiming to be the equivalent of a common carrier. I'm on the fence on this one. Sure, it's a massive thing to get to grips with personal information, but given that (AFAIK) Google collects in excess of requirement without adequate permission makes it almost a given that Google has thus saddled itself with the burden of having to take care of that information - if only because they could be ordered to destroy that in a more thorough fashion than they did with the Streetview data.

11
0
DavCrav

The law is an attempt to return to a bygone age

The point is, if I commit (say) a driving offence, and it gets reported in the paper, I get convicted, and then the conviction becomes spent years later, the following happens:

1) Pre-Internet, this information was available by searching through microfiches in libraries, or looking up court records, but you had to be committed.

2) Post-Internet, a quick search of a newspaper website or Google finds that Mr Smith of Example Road was convicted of speeding.

This is the difference between "available" and "readily available". Long-past events in ones' history, for example being arrested -- but never even charged -- for an offence maybe shouldn't be easily accessible for anyone who wants to look for it with a few presses of the button.

At any rate, this is a debate for the EU and its citizens, and Google can fuck off. We will inform them of any decision that we have taken, and they can then obey the law or, again, fuck off.

6
0
mordac

EU vs US

"Google has argued that as its search engine business is based in the US the EU's Data Protection Directive should not be applied to it."

Presumably by the same logic an EU company with a US subsidiary could claim exemption from US laws?

I'd love to see how that would work out.

WRT the actual case, as I understand it, the complaint is that the information must be published by law, but they don't want anyone to be able to find it.

Wouldn't a suitable robots.txt provide a solution for this?

6
0

More from The Register

SCO vs. IBM battle resumes over ownership of Unix
Zombie lawsuit back and wants to suck the brains out of Linux
116
breaking news
Jailed LulzSec hacker Cleary coughs to child porn images, will be freed soon
Some images of infants as young as six months
68
NSA whistleblower to tech firms, Obama: 'Grow a pair!'
Ed Snowden: Email tracking grabs 'IPs, raw data, content, headers, attachments, everything'
66
breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
124
breaking news
Ecuador: All right, Julian, you CAN stay on our sofa - it's your human right
Minister and Wikileaker share cosy chat in tiny London flat
65
Google flings another £1m at online child sex abuse vid CRACKDOWN
See, see, we're trying, ad giant tells Daily Mail UK.gov
41
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Not just telcos, THOUSANDS of companies share data with US spies
It's all perfectly legal, trust us
68