No Europe, Google does not have to delete all your personal data

EU court did not create true right to be forgotten, experts said at a forum

A Google representative confirmed on Thursday that the so-called European right to be forgotten will not apply to the Google.com domain, nor for that matter to country-specific Google domains outside of Europe.This means that, in practice, query results the company stops showing on its European domains will still turn up on its other sites, including its main one.The comments, made at a forum in Brussels on Thursday by Marisa Jimenez, Google's privacy policy counsel, provoked disbelief. The Google.com domain was not targeted at the EU in general, she said. The comments come following widespread media speculation that a May 13 ruling by the European Court of Justice created this new right to be forgotten.However, experts from the European Commission and the European Data Protection Supervisor were at pains this week to point out that the court was simply applying the current Data Protection Directive to a search engine.The ECJ was asked by Spanish courts to rule on a case involving Costeja González, a 58-year-old lawyer, who claimed that Google was directing people to outdated and irrelevant information about him, specifically a 10-year-old Spanish newspaper notice about a mortgage foreclosure against him.The court decided that a search engine, in this case Google, did constitute a data controller and as such was subject to the 1995 law. Google was ordered to remove the links.Jimenez said on Thursday that the company had been very surprised by the ruling, particularly as it went against the advice of the ECJ's advocate general. However, she added that extrapolating the ruling to mean that the Internet can somehow "forget" was wrong.Joe McNamee, from the European Digital Rights group, EDRi, concurred. "There is no real right to be forgotten," he said at the forum. "The information is still indexed, it's just that a search involving a person's name will not call it up. Users can still find the information using other search terms."He added that he did not believe the ruling would have a huge practical impact. Google has so-far received 41,000 requests to remove links to information, but McNamee pointed out that this is not a huge number compared with the EU's 500 million citizens. However, he said that the principle of a private company making decisions about the balance between the right to privacy and public interest or freedom of expression, was completely wrong. "No private company should be making these decisions," he said.Jimenez said that "the vast majority of cases" have to do with newspapers and legal cases, so it is not easy." She added that everyone who fills in the webform requesting a link be removed would get an acknowledgement.She said there had been quite a few requests from former politicians requesting that links to newspaper articles be removed. However in the ruling, the ECJ made clear that any right to be forgotten must be balanced against the the interests of the public having access to that information. "The role the person requesting the deletion plays in public life might also be relevant," reads a European Commission statement.There have also been requests from individuals offering services such as painting and decorating to have links to comments about their work removed prompting speculation that the ruling could have broad implications for review sites."We are getting a lot of questions from all sectors," said Christopher Kuner, a partner at Wilson Sonsini Goodrich & Rosati law firm in Brussels. "In some cases the ruling clearly doesn't apply, but there is a very broad grey area. It is certainly about much more than just Internet search engines."Meanwhile Google had been criticized by the Hamburg data protection commissioner, Johannes Caspar, for requesting proof of identity from individuals asking for links to be removed. But Jimenez said on Thursday that there was no requirement for photo ID unless it was in relation to requests to remove image links.

Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to jennifer_baker@idg.com.

Tags Googlesecurityregulationgovernmentlegislationprivacy

More about EUEuropean CommissionGoogle

Comments

Comments are now closed

How Medibank embraced cloud, overcame shadow IT

READ THIS ARTICLE
MORE IN Business
DO NOT SHOW THIS BOX AGAIN [ x ]