Feeds

French authorities take lead in grilling Google on 'Right to be Forgotten'

Will that be medium or raaaaare?

Secure remote control for conventional and virtual desktops

Google, Yahoo! and Bing have been grilled by the EU’s top data protection tzars.

Representatives from the search engines were asked by the Article 29 Working Party (A29WP) how they plan to manage requests to take down links to outdated or irrelevant information.

On 13 May, the European Court of Justice (ECJ) ordered Google to delete links to information about a mortgage foreclosure after the Spanish national involved successfully argued that the information had become irrelevant over time. This prompted a frenzy of reports that the ECJ had effectively created a “right to be forgotten”.

In reality, the scope of the ruling was more limited, but in the following weeks Google received more than 90,000 requests to remove links to “outdated” data. Bing and Yahoo! received significantly fewer requests – the former fielded only 12, as we wrote at the time.

There is no absolute right to have information deleted, and Google will have to weigh a number of criteria in responding to the requests to delete links, including relevance of the information, and the time passed since the facts related, explained the Data Protection Supervisor (EDPS) at the time.

Nonetheless the A29WP, which is made up of the data protection commissioners from all 28 EU countries as well as the EDPS, wanted to know how precisely the search engines were handling these requests.

CNIL, the French data protection authority, firmly took the lead on questioning at Thursday’s meeting. In particular, it asked whether the search engines inform the publishers that a link to their website has been removed, and whether they provide a "warning" that the search results have been modified.

The information gathered at the meeting will be used to create guidelines for data protection authorities who may have to handle complaints about the process. These guidelines are likely to be published before the end of the year.

However, the A29WP will not be producing any such guidelines for search engines.

According to those present at the meeting, the A29WP is concerned that there should be a Europe-wide implementation of the ECJ ruling where users requesting the removal of a link will be treated equally regardless of which country they live in.

The search engines were asked what information they request from a data subject prior to considering a delisting request in order to substantiate their complaint.

Following widespread concern from digital civil liberties groups, who believe that profit-making companies should not be making judgments about what is in the public interest at all, Google, Yahoo! and Microsoft were asked how they balance their economic interest and/or the interest of the general public in having access to information.

They also want to clarify under what circumstances search engines can refuse this request.

However, to date, Google appears to be going to the other extreme - taking down links on the flimsiest of grounds.

Following revelations in June that Google was only removing links from searches performed through its EU domains and not Google.com, the A29WP also enquired whether this was likely to change.

The search engines have another week to answer a further 19 questions in writing.

These include:

  1. Do you ask for a proof of identify or some other form of authentication and if yes, what kind?
  2. Do you accept general claims to delist all search results linking to a news report?
  3. Do you ever permanently delist hyperlinks in response to a removal request, as opposed to delisting?
  4. How do you treat removal requests with regard to hyperlinks to pages that do not or no longer contain the name of the data subject?
  5. Do you notify users through the search results page that some results have been removed according to EU law?
  6. What is the legal basis for this and why is this notice sometimes displayed even in the absence of removal?

Article 29 Data Protection Working Party questions from member-states' data protection watchdogs (PDF). ®

Remote control for virtualized desktops

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.