Feeds

French authorities take lead in grilling Google on 'Right to be Forgotten'

Will that be medium or raaaaare?

Internet Security Threat Report 2014

Google, Yahoo! and Bing have been grilled by the EU’s top data protection tzars.

Representatives from the search engines were asked by the Article 29 Working Party (A29WP) how they plan to manage requests to take down links to outdated or irrelevant information.

On 13 May, the European Court of Justice (ECJ) ordered Google to delete links to information about a mortgage foreclosure after the Spanish national involved successfully argued that the information had become irrelevant over time. This prompted a frenzy of reports that the ECJ had effectively created a “right to be forgotten”.

In reality, the scope of the ruling was more limited, but in the following weeks Google received more than 90,000 requests to remove links to “outdated” data. Bing and Yahoo! received significantly fewer requests – the former fielded only 12, as we wrote at the time.

There is no absolute right to have information deleted, and Google will have to weigh a number of criteria in responding to the requests to delete links, including relevance of the information, and the time passed since the facts related, explained the Data Protection Supervisor (EDPS) at the time.

Nonetheless the A29WP, which is made up of the data protection commissioners from all 28 EU countries as well as the EDPS, wanted to know how precisely the search engines were handling these requests.

CNIL, the French data protection authority, firmly took the lead on questioning at Thursday’s meeting. In particular, it asked whether the search engines inform the publishers that a link to their website has been removed, and whether they provide a "warning" that the search results have been modified.

The information gathered at the meeting will be used to create guidelines for data protection authorities who may have to handle complaints about the process. These guidelines are likely to be published before the end of the year.

However, the A29WP will not be producing any such guidelines for search engines.

According to those present at the meeting, the A29WP is concerned that there should be a Europe-wide implementation of the ECJ ruling where users requesting the removal of a link will be treated equally regardless of which country they live in.

The search engines were asked what information they request from a data subject prior to considering a delisting request in order to substantiate their complaint.

Following widespread concern from digital civil liberties groups, who believe that profit-making companies should not be making judgments about what is in the public interest at all, Google, Yahoo! and Microsoft were asked how they balance their economic interest and/or the interest of the general public in having access to information.

They also want to clarify under what circumstances search engines can refuse this request.

However, to date, Google appears to be going to the other extreme - taking down links on the flimsiest of grounds.

Following revelations in June that Google was only removing links from searches performed through its EU domains and not Google.com, the A29WP also enquired whether this was likely to change.

The search engines have another week to answer a further 19 questions in writing.

These include:

  1. Do you ask for a proof of identify or some other form of authentication and if yes, what kind?
  2. Do you accept general claims to delist all search results linking to a news report?
  3. Do you ever permanently delist hyperlinks in response to a removal request, as opposed to delisting?
  4. How do you treat removal requests with regard to hyperlinks to pages that do not or no longer contain the name of the data subject?
  5. Do you notify users through the search results page that some results have been removed according to EU law?
  6. What is the legal basis for this and why is this notice sometimes displayed even in the absence of removal?

Article 29 Data Protection Working Party questions from member-states' data protection watchdogs (PDF). ®

Internet Security Threat Report 2014

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.