Feeds

Google de-listing of BBC article 'broke UK and Euro public interest laws' - So WHY do it?

Stunt backfires on ad giant

Mobile application security vulnerability report

Google's publicity stunt this week, in which it de-linked selected mass media articles and posts from its search results and informed the journalists in question it had done so, appears to have been illegal.

The gigantic advertising company now faces the prospect of having to re-link to articles it has de-linked in the UK in recent weeks.

Newswires suggest that Google has performed a U-turn on the de-linking. Yesterday we predicted the high-risk strategy might backfire.

Google was trying to cast the recent European "right to be forgotten" ruling in a bad light. The recent court decision permits citizens to request that old, out of date or irrelevant material be de-linked from a search - for instance of their name - if (and that's a big "if") there isn't a public interest. The beaks decided that the continuous re-publication of old and irrelevant material, in such a massive, pervasive medium as Google's search engine, could be a huge invasion of an individual's privacy.

Google isn't happy with the ruling, and now it has gone beyond its initial moves to turn public opinion against the decision. Earlier this week, Google tipped off selected journalists that their work had been "disappeared" from its searches in response to requests made based on the European ruling.

The Guardian's James Ball received one and predictably, he walked into the trap*. Ball warned of a grave and imminent threat to free expression, and opined that the burden of compliance with the ruling should fall on publishers - not on Google.

Robert Peston at the BBC didn't quite follow the script, however: he queried why Google was de-linking an article where there was clearly a public-interest justification for keeping it known. (Peston's article was about a banker who had been implicated in the crises leading to the recent economic downturn.)

Google was saying it had been forced to "break the internet" - but it wasn't Google's fault, it was the European judges'.

However, legal experts have told us that by de-linking, Google was not respecting its legal obligations. Specifically, Google was failing to comply with English (and EU) data protection obligations and weigh the public's right to freedom of expression to read those articles. Which is ironic, given how much time Google spends preening itself as a champion of the public's right to, er, free expression.


"Me? Comply with the law? Oh, Mum..."

How so? Serena Tierney of law firm Bircham Dyson Bell clarified the law for us:

"When Google receives a request to de-link, it must consider whether any damage to the person making the request is outweighed by a relevant public interest in keeping the link. In the case of [Merrill Lynch chairman] Stan O'Neal [original here], it's a no-brainer, there's a clear public interest in that information remaining available."

Google could have decided to take a simpler, cheaper course. It could decline some of the requests and bounce them up to the Information Commissioner, starting a long (but cheap to Google) legal process. "A simple refusal would entail Google telling the data subject they are not entitled to have the link taken down. It's then up to the subject to appeal to the Information Commissioner." That would almost certainly reduce the number of requests that are pursued.

Were it to decide to decline all the requests and bounce them up to the Information Commissioner, it would be legally risky because it is required to consider each request individually and not to apply a blanket policy of refusing them.

The risk to Google is that the Information Commissioner might choose to serve an enforcement notice on it, and ultimately issue a fine. However, the maximum fine is merely £500,000.

Tierney reminded us that the CJEU's ruling isn't the black letter law that citizens and data controllers must abide by: it's the implementation of the EU Data Protection Directive. Each EU member state has written its own data protection law but they must all be interpreted to comply with the CJEU ruling.

Yet all must include a mechanism to balance Freedom of Expression with the right to Privacy, they are both considered a "Fundamental Right" in Europe.

"We're still speaking to Google at the moment", the ICO told us. "We welcome the extent to which the judgement upholds data protection rights of individuals and confirms the powers of data protection authorities. We will be studying the judgment in detail and considering the practical implications for individuals, businesses and ourselves."

The commenter red herring

Peston speculated whether a commenter under his BBC blog post had made the de-linking request, not O'Neal. But this can't be right, Tierney thinks, because a commenter has no additional rights under the CJEU ruling. What constitutes an invasion of privacy is the snippets of the search results that Google displays - but with a blog post or newspaper article, these only ever show the headline and first paragraph.

No matter which way you slice it, Google has at best misinterpreted the law, and wrongly de-linked Peston's legitimate story. As this piece is written, it appears that the advertising monolith is now re-linking to articles it had de-listed: it may not be a coincidence that google.co.uk went down for approximately 10 minutes shortly before 11am UK time.

The price of this week's PR stunt is mounting. ®

Bootnote

*This is not the first time Ball has shot himself spectacularly in both feet. A rant last year entitled "Why are the LulzSec hackers being locked up?" talked about centrifuges as the key component of a nuclear reactor. Yes, James: the thing that spins round really fast, it makes all that nooclear power. Obviously.

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.