Is EU right to expand 'right to be forgotten' to Google.com?
The basic idea might be nuts, but the specific point is spot on
Worstall on Wednesday The European Union is arguing that the so-called "right to be forgotten" (you know, sure, I was a paedophile mass murderer but it was only the once and I've been to confession now so nobody should know about it) in Google and other search engine results should be extended to the Google.com domain, as well as those aimed more directly at the European countries.
This means Google will be required to not just clean .co.uk, .de and so on, but also to clean .com. In fact, it's likely to have to prepare two different versions of .com as a result of this.
And the thing is, while the basic idea of official forgetting is pretty weird, this particular extension seems just fine.
European data regulators are set to instruct Google to apply “right to be forgotten” search result deletions outside of Europe on Google.com.
The Article 29 cross-European panel of data protection watchdogs announced its guidance that search result removals should be carried out beyond local European domains such as google.co.uk, google.fr and google.de to prevent circumvention of the right-to-be-forgotten law.
“De-listing decisions must be implemented in such a way that they guarantee the effective and complete protection of data subjects’ rights and that EU law cannot be circumvented,” Article 29 said in a statement. “Limiting de-listing to EU domains on the grounds that users tend to access search engines via their national domains cannot be considered a sufficient means to satisfactorily guarantee the rights of data subjects according to the ruling.”
Myself, I'm pretty sure that the basic idea ain't right, ain't right at all. I can sorta understand when we get to things like spent convictions and so on. The reason they're spent, and therefore don't appear on an official record, is because we all agree (or, as politics actually works, we've had it agreed for us) that something done 30 years ago or whatever isn't all that good a guide to current likely behaviour.
However, the way that this has been extended does rather leave the impression that there's some airbrushing of history going on.
But my point isn't particularly about the basic rule itself, it's about this extension to the .com domains: in fact, it's an extension to all and every search service that can be accessed from inside the EU (that's not been said yet but it is what is meant. So this will apply to .com.au, .co.nz, .com.in and all the rest as well). And the reason for this is as I've pointed out before here at El Reg about where something happens on the internet.
The legal jurisdiction something takes place in is the legal jurisdiction where the browser being used to view the intertubes is. It is not where the server is, it is not where the company owning the content or the search is located, nor where the person who prepared it lives nor any other variation.
This is a simple and logical extension from long accepted principles of libel law. A book can be published in the US and it can say absolutely anything about anyone and English libel law won't give a toss. But the moment one copy of that arrives in England (and, or, Wales, to the extent that the sheep are literate) then the full rigour of perhaps the world's worst libel laws apply. This is also not some vague possibility as that earlier article points out.
Given this basic principle it's no surprise therefore that the same applies to the online world. Someone writes something on a website in California and EU law doesn't apply in any manner. Someone reads it inside the EU, a copy of that Californian website thereby being published inside a browser in the EU, and EU law does apply. And there we have it. The right to be forgotten does not just apply to versions of search engines optimised for readers inside the EU. It applies to those accessible by those inside the EU. Thus .com and so on should be covered.
It's possible to see this working out in two different ways. Google might decide to simply scrub the offending pieces from the entire index. Or it might try some form of geo-location decisions on where the engine is being accessed from.
If that IP is inside the EU then the EU rules apply. If outside then they get to see the full entry. Y'all will know better than I how difficult that would be. And even I know that that can be spoofed with a couple of seconds of preparation. So it's going to be fun to see how far the EU tries to take this.