Slashdot Mirror
EU Court of Justice Paves Way For "Right To Be Forgotten" Online
Mark.JUK (1222360) writes "The European Court of Justice (ECJ) has today ruled that Google, Bing and others, acting as internet search engine operators, are responsible for the processing that they carry out of personal data which appears on web pages published by third parties. As a result any searches made on the basis of a person's name that returns links/descriptions for web pages containing information on the person in question can, upon request by the related individual, be removed. The decision supports calls for a so-called 'right to be forgotten' by Internet privacy advocates, which ironically the European Commission are already working to implement via new legislation. Google failed to argue that such a decision would be unfair because the information was already legally in the public domain."
Paris may forget you cheri, but marketers never will.
May the Maths Be with you!
Donald Sterling's going to love this.
You could try reading TFS, if not TFA.
They specifically point out that even if Site X has a legitimate reason to have that personal information online, it does not automatically mean that Service Y (in this case, Google), has a legitimate reason to process that data in the ways they do.
Site X will still be available. It might not be easy to find it, of course, but cue the "the internet routes around censorship" mantra.
so legislators are going to start deciding what public information search companies are able to aggregate?
uhhh....no thanks...ill opt out of that reality.
never bring a twinkie to a food fight.
This isn't about defamatory material. This is about matters of historical/public record. This case was brought by someone who wanted records of bankruptcy proceedings against him removed. That's not libel nor slander. It's a public record. Similarly a German court blocked a guy who was trying to get records of a previous court judgement or prosecution (I don't recall which) against him removed from a newspaper website. http://www.theguardian.com/com...
There's been a lot of FUD and confusion about this particular law on Slashdot, some people seem to think you can just somehow use your bat signal to say "I want to be forgotten on everything online ever!" but it's more simplistic than that.
What it does, is gives you the right to go to a company, that is storing information on you, and ask that they remove it. Nothing more, nothing less. That means if Google has indexed search results and their index includes information on you they simply have to remove that from their index - they do not have to go to the sites they indexed and asked them to remove the information too or any such thing, it's up to you to contact each specific company and the company must oblige.
This isn't really as big a deal as often made out, there was an argument you already had this right to an extent in many jurisdictions such as under the data protection act in the UK, which states that companies may not be passed information on you without your consent, so unless you gave it to them in the first place or consented to someone else giving it to them then they shouldn't be holding it regardless.
This law just formalises that and makes it clear that that remains true even in the age of user generated content, it simply makes it clear that companies can't shirk their data protection rules by saying "but a user gave us that content!" or "but a machine gathered that information!".
I don't believe this creates the hardship that it's claimed it creates, if companies were adhering to the likes of the UK's data protection act in the first place (which stems back to 1998) then they should've had procedures in place for over a decade and a half now to delete personal details that they had no legal right to hold.
If there are concerns about other content being deleted at the same time then that's not a problem with the law, but entirely a problem with how companies choose to go about eliminating data that should no longer be held.
If I have entered no agreement with a company, if a company is not acting as a data processor for a data controller I do have an agreement, and if I have not myself passed personal data to a company, then they never had a legal right (apart from under a handful of very specific exceptions) to hold it in the first place. The only extension this adds is that it makes it clear that you can also retroactively have information removed even if they did have the right to hold it in the past - even this existed in the likes of the DPA though, that companies shouldn't hold it for longer than necessary for the agreed purpose or when a data subject has ceased their relationship with the firm. The problem with that part it was never explicit as to exactly how long a company could hold data on you after that point so it was down to a fairly arbitrary decision by a court.
Honestly, I don't see the problem, if a company doesn't have control of the data it owns to be able to delete data it shouldn't hold on request then it's not fit to be holding any kind of data in the first place.
The EU does cherish freedom of speech. But it also cherishes the privacy of the individual.
The US - based on comments on this site - appears to have decided that freedom of speech trumps everything else. You can lie, cheat, shout fire in a crowded theatre, call in fake bomb scares, basically anything at all because it's all "freedom of speech."
The EU takes a much more nuanced view. Sometimes there's an overwhelming reason why freedom of speech should trump privacy. Sometimes privacy should trump freedom of speech, and sometimes it's a grey area that has to be litigated through the courts.
In this particular case, the court hasn't ruled that the information has to disappear - all they've ruled is that google (and presumably other search engines) need to give people the right to remove search results about themselves.
Most things are "allowed to be forgotten" in most circumstances. So, for example, most employers aren't allowed to ask "have you ever been made bankrupt?" although I think they can ask "are you an undischarged bankrupt". Google is allowing employers to sidestep the protective regulations that were built into bankruptcy law before the internet existed. The EU is now merely trying to reinstate them.
God said, "div D = rho, div B = 0, curl E = -@B/@t, curl H = J + @D/@t," and there was light.
I actually agree with this decision and if google removes all references to me I wouldn't mind in the least (they have very little anyway);
Are you serious? When I do a google search for "Anonymous Coward", it returns quite some hits.
If Pandora's box is destined to be opened, *I* want to be the one to open it.
Does Lexis-Nexis get sued because they index libelous articles?
No, not correct. It's about personal data. This is already something that's well defined and well understood.
Your argument amounts to the idea that nothing should ever be private, which is an even more stupid idea.
Slashdot has always supported the idea that information wants to be free, but it's also supported the idea that privacy matters.
It's also true that not all information should be free, most people don't want their password, debit card pin, or private conversations to be "free".
I mean, what is your argument, that everything the NSA and GCHQ did is fine, and of course they should be able to follow your every conversation, because of course, information wants to be free? I mean why shouldn't GCHQ and the NSA hold all your information, information wants to be free, it wants them to know everything about us!
Should Slashdot remove Anonymous Coward and make everyone post with their real names, because we should all get to know who exactly they are, because information wants to be free? Maybe you should have to publicly post your address and telephone number and e-mail and workplace details and salary too. Are you willing to put your money where you mouth is and make a start?
Yes information wants to be free, except when we're talking about privacy, and privacy concerns should trump that.
What it does, is gives you the right to go to a company, that is storing information on you, and ask that they remove it. Nothing more, nothing less. That means if Google has indexed search results and their index includes information on you they simply have to remove that from their index - they do not have to go to the sites they indexed and asked them to remove the information too or any such thing, it's up to you to contact each specific company and the company must oblige.
Oh, is that all? So the data is still there, except the most popular search engine on the planet can't list it. Wow, that's a relief. Here I thought there was censorship of public information going on, but clearly there isn't. (For the impaired, yes, this is sarcasm.)
From the article:
The case itself occurred after a Spanish man (Mario Costeja Gonzalez) complained that the detail of an auction notice for his former home, which was repossessed after he failed to pay his taxes, appeared in Google's search results.
The notice itself was made public on the third-party website (twice via a newspaper called La Vanguardia) and Mr Gonzalez wanted the source material edited and the Google result removed because the proceedings concerning him had been fully resolved for a number of years, thus he felt as though the reference to them was now "entirely irrelevant".
Mercifully the Spanish Data Protection Agency (AEPD) rejected the complaint against La Vanguardia, which correctly ruled that the information in question had been lawfully published by it. But the AEPD then ruled that Google should still delete the related references to the page, which Google perhaps understandably viewed as unfair because the information was already in the public domain, and so began the court battle until today's ECJ verdict.
Newspapers have long been deemed to be public record, and so of course it shouldn't be censored. Public record can comfortably sit behind the public interest defence. But Google is a business that makes money providing services based on public record, that does not in itself make it public record, and so it becomes difficult for it to make a case for public interest - it's tried to make this case and failed, hence the ruling.
This argument is absurd. Newspapers (when not state run) are also commercial interests. One entity publishes things in the public record, and another makes those things searchable. To argue that what Google does is so different and doesn't deserve protection is preposterous, even more so to claim that there isn't censorship going on.
In the EU simply because some information is public does not mean it's free for all commercial entities to use. For example, if a crime is considered spent (usually some time after punishment ends the guilty party no longer has to declare it to employers) then an employer can't just go looking back through the newspaper archives for the stories reporting it. You can't set up an agency that records crimes and reports them to employers for a fee, even if they are considered legally spent. The information is public, anyone who kept a copy or who can be bothered to visit the library and scan through microfiche can find it, but that doesn't give them a right to use it commercially without that person's consent.
You have to remember that in the EU corporations are not people. They don't get the same freedoms and rights that people do.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC