Feeds

Google de-listing of BBC article 'broke UK and Euro public interest laws' - So WHY do it?

Stunt backfires on ad giant

Choosing a cloud hosting partner with confidence

Google's publicity stunt this week, in which it de-linked selected mass media articles and posts from its search results and informed the journalists in question it had done so, appears to have been illegal.

The gigantic advertising company now faces the prospect of having to re-link to articles it has de-linked in the UK in recent weeks.

Newswires suggest that Google has performed a U-turn on the de-linking. Yesterday we predicted the high-risk strategy might backfire.

Google was trying to cast the recent European "right to be forgotten" ruling in a bad light. The recent court decision permits citizens to request that old, out of date or irrelevant material be de-linked from a search - for instance of their name - if (and that's a big "if") there isn't a public interest. The beaks decided that the continuous re-publication of old and irrelevant material, in such a massive, pervasive medium as Google's search engine, could be a huge invasion of an individual's privacy.

Google isn't happy with the ruling, and now it has gone beyond its initial moves to turn public opinion against the decision. Earlier this week, Google tipped off selected journalists that their work had been "disappeared" from its searches in response to requests made based on the European ruling.

The Guardian's James Ball received one and predictably, he walked into the trap*. Ball warned of a grave and imminent threat to free expression, and opined that the burden of compliance with the ruling should fall on publishers - not on Google.

Robert Peston at the BBC didn't quite follow the script, however: he queried why Google was de-linking an article where there was clearly a public-interest justification for keeping it known. (Peston's article was about a banker who had been implicated in the crises leading to the recent economic downturn.)

Google was saying it had been forced to "break the internet" - but it wasn't Google's fault, it was the European judges'.

However, legal experts have told us that by de-linking, Google was not respecting its legal obligations. Specifically, Google was failing to comply with English (and EU) data protection obligations and weigh the public's right to freedom of expression to read those articles. Which is ironic, given how much time Google spends preening itself as a champion of the public's right to, er, free expression.


"Me? Comply with the law? Oh, Mum..."

How so? Serena Tierney of law firm Bircham Dyson Bell clarified the law for us:

"When Google receives a request to de-link, it must consider whether any damage to the person making the request is outweighed by a relevant public interest in keeping the link. In the case of [Merrill Lynch chairman] Stan O'Neal [original here], it's a no-brainer, there's a clear public interest in that information remaining available."

Google could have decided to take a simpler, cheaper course. It could decline some of the requests and bounce them up to the Information Commissioner, starting a long (but cheap to Google) legal process. "A simple refusal would entail Google telling the data subject they are not entitled to have the link taken down. It's then up to the subject to appeal to the Information Commissioner." That would almost certainly reduce the number of requests that are pursued.

Were it to decide to decline all the requests and bounce them up to the Information Commissioner, it would be legally risky because it is required to consider each request individually and not to apply a blanket policy of refusing them.

The risk to Google is that the Information Commissioner might choose to serve an enforcement notice on it, and ultimately issue a fine. However, the maximum fine is merely £500,000.

Tierney reminded us that the CJEU's ruling isn't the black letter law that citizens and data controllers must abide by: it's the implementation of the EU Data Protection Directive. Each EU member state has written its own data protection law but they must all be interpreted to comply with the CJEU ruling.

Yet all must include a mechanism to balance Freedom of Expression with the right to Privacy, they are both considered a "Fundamental Right" in Europe.

"We're still speaking to Google at the moment", the ICO told us. "We welcome the extent to which the judgement upholds data protection rights of individuals and confirms the powers of data protection authorities. We will be studying the judgment in detail and considering the practical implications for individuals, businesses and ourselves."

The commenter red herring

Peston speculated whether a commenter under his BBC blog post had made the de-linking request, not O'Neal. But this can't be right, Tierney thinks, because a commenter has no additional rights under the CJEU ruling. What constitutes an invasion of privacy is the snippets of the search results that Google displays - but with a blog post or newspaper article, these only ever show the headline and first paragraph.

No matter which way you slice it, Google has at best misinterpreted the law, and wrongly de-linked Peston's legitimate story. As this piece is written, it appears that the advertising monolith is now re-linking to articles it had de-listed: it may not be a coincidence that google.co.uk went down for approximately 10 minutes shortly before 11am UK time.

The price of this week's PR stunt is mounting. ®

Bootnote

*This is not the first time Ball has shot himself spectacularly in both feet. A rant last year entitled "Why are the LulzSec hackers being locked up?" talked about centrifuges as the key component of a nuclear reactor. Yes, James: the thing that spins round really fast, it makes all that nooclear power. Obviously.

Security for virtualized datacentres

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.