Feeds

French authorities take lead in grilling Google on 'Right to be Forgotten'

Will that be medium or raaaaare?

Security for virtualized datacentres

Google, Yahoo! and Bing have been grilled by the EU’s top data protection tzars.

Representatives from the search engines were asked by the Article 29 Working Party (A29WP) how they plan to manage requests to take down links to outdated or irrelevant information.

On 13 May, the European Court of Justice (ECJ) ordered Google to delete links to information about a mortgage foreclosure after the Spanish national involved successfully argued that the information had become irrelevant over time. This prompted a frenzy of reports that the ECJ had effectively created a “right to be forgotten”.

In reality, the scope of the ruling was more limited, but in the following weeks Google received more than 90,000 requests to remove links to “outdated” data. Bing and Yahoo! received significantly fewer requests – the former fielded only 12, as we wrote at the time.

There is no absolute right to have information deleted, and Google will have to weigh a number of criteria in responding to the requests to delete links, including relevance of the information, and the time passed since the facts related, explained the Data Protection Supervisor (EDPS) at the time.

Nonetheless the A29WP, which is made up of the data protection commissioners from all 28 EU countries as well as the EDPS, wanted to know how precisely the search engines were handling these requests.

CNIL, the French data protection authority, firmly took the lead on questioning at Thursday’s meeting. In particular, it asked whether the search engines inform the publishers that a link to their website has been removed, and whether they provide a "warning" that the search results have been modified.

The information gathered at the meeting will be used to create guidelines for data protection authorities who may have to handle complaints about the process. These guidelines are likely to be published before the end of the year.

However, the A29WP will not be producing any such guidelines for search engines.

According to those present at the meeting, the A29WP is concerned that there should be a Europe-wide implementation of the ECJ ruling where users requesting the removal of a link will be treated equally regardless of which country they live in.

The search engines were asked what information they request from a data subject prior to considering a delisting request in order to substantiate their complaint.

Following widespread concern from digital civil liberties groups, who believe that profit-making companies should not be making judgments about what is in the public interest at all, Google, Yahoo! and Microsoft were asked how they balance their economic interest and/or the interest of the general public in having access to information.

They also want to clarify under what circumstances search engines can refuse this request.

However, to date, Google appears to be going to the other extreme - taking down links on the flimsiest of grounds.

Following revelations in June that Google was only removing links from searches performed through its EU domains and not Google.com, the A29WP also enquired whether this was likely to change.

The search engines have another week to answer a further 19 questions in writing.

These include:

  1. Do you ask for a proof of identify or some other form of authentication and if yes, what kind?
  2. Do you accept general claims to delist all search results linking to a news report?
  3. Do you ever permanently delist hyperlinks in response to a removal request, as opposed to delisting?
  4. How do you treat removal requests with regard to hyperlinks to pages that do not or no longer contain the name of the data subject?
  5. Do you notify users through the search results page that some results have been removed according to EU law?
  6. What is the legal basis for this and why is this notice sometimes displayed even in the absence of removal?

Article 29 Data Protection Working Party questions from member-states' data protection watchdogs (PDF). ®

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Why Oracle CEO Larry Ellison had to go ... Except he hasn't
Silicon Valley's veteran seadog in piratical Putin impression
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.