Feeds

Google NOT REQUIRED to wipe 'sensitive' search results after all

But MUST adhere to EU data law, says Court of Justice advocate general

Mobile application security vulnerability report

The European Union's Court of Justice has agreed with Google by saying that search engine providers should not be held responsible for the type of personal data that appears on web pages it processes.

Even though Google is required to comply with European privacy law, the company is not obliged to remove sensitive legal content from its search index, the EU's advocate general Niilo Jääskinen said in a court opinion today.

The court explained Jääskinen's opinion (PDF, 3 pages), which is likely to be adopted by the EU:

It is possible that the secondary liability of the search engine service providers under national law may lead to duties amounting to blocking access to third party websites with illegal content such as web pages infringing intellectual property rights or displaying libellous or criminal information.

In contrast, requesting search engine service providers to suppress legitimate and legal information that has entered the public domain would entail an interference with the freedom of expression of the publisher of the web page.

In his view, it would amount to censorship of his published content by a private party.

Judges in the Court of Justice are not required to be bound by the advocate general's views. They will deliberate the case before passing judgment.

Jääskinen's opinion followed a man complaining to Google's Spain office in 2010 about search results that showed a link to a newspaper article which was first printed in 1998, reporting on a real-estate auction connected with attachment proceedings prompted by social security debts.

The man had asked Google to kill the links to the story after he discovered it returned links directly to the article when his "name and surnames" were entered into the search engine.

He later lodged a complaint with Spain's data authority against both the newspaper publisher and Google, which was partially upheld by the watchdog.

Google was told to delete the data from its search index and to prevent any future access to the newspaper article. However, the complaint against the publisher was rejected on the grounds that the story's appearance in the press was "legally justified".

Since then, Google has appealed against the Spanish regulator's decision on two separate occasions. All of which led to that country's court referring a number of questions to the EU's advocate general.

The outcome of the Court of Justice's ruling will set a precedent for many similar cases currently wading their way through various judicial systems in the 27-member bloc.

One such high-profile case involves the former Fédération Internationale de l'Automobile boss Max Mosley, who is suing Google in a Hamburg court, claiming that Mountain View is breaking German privacy laws by continuing to host a video which shows him engaging in a thrash'n'tickle session with a group of prostitutes.

However, the opinion was not all good news for Google, given that Jääskinen said that the US company was bound by data legislation in Europe. That's because Google - which is, after all, an advertising giant - processes ads within the EU.

Here's how the Court of Justice explained the advocate general's position on the matter:

The entity in charge of keyword advertising is linked to the internet search engine. This entity needs a presence on national advertising markets and that is why Google has established subsidiaries in many Member States.

Hence, in his view, it must be considered that an establishment processes personal data if it is linked to a service involved in selling targeted advertising to inhabitants of a Member State, even if the technical data processing operations are situated in other Member States or third countries.

All of which means the screws are slowly being tightened on tech companies from outside the EU who process European citizens' data.

Google, meanwhile, is also having to face off data protection authorities in the UK, France, Germany, Italy and the Netherlands over the ad giant's decision to change its privacy policy in March 2012 - which the French watchdog has already said breaches its data law. ®

Mobile application security vulnerability report

More from The Register

next story
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
US Social Security 'wasted $300 million on an IT BOONDOGGLE'
Scrutiny committee bods probe derailed database project
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.