Live in the European Union and want some old, irrelevant info about you deleted from search results? Google has now implemented a search removal request mechanism for people living in Europe who believe it has indexed information about them that they have a right to remove.
The arrival of the webform — which was put online earlier this morning — for users to request data be removed follows a European Court Of Justice ruling earlier this month which said that Google must respect a “right to be forgotten” and, at the request of private individuals, remove “irrelevant” and outdated information that contravenes an EU privacy directive concerning the way personal data is processed.
The ruling was triggered by a complaint by a Spanish man who was seeking to have results related to his name and a property closure removed from the search engine.
Earlier this month, following the Court of Justice ruling, it emerged that Google was already receiving requests for search content removal — albeit, the listed examples were from a convenient trio of what sounded like unsavory types: an ex-politician looking to be re-elected and wanting links detailing bad behavior in office removed; a doctor wanting to erase negative reviews from patients; and a convicted paedophile wanting details of his court conviction for possession of child abuse images taken down.
Which does rather smell like a controlled leak on Google’s part, in an effort to generate negative publicity about the Court of Justice ruling.
The ruling is certainly controversial, though — with outspoken critics including freedom of speech rights groups such as the Open Rights Group, and Wikipedia’s Jimmy Wales, to name a few.
Wales dubbed it “ridiculous” and “very bizarre”, pointing out that it could lead to a scenario where a newspaper can publish information but a search engine can’t link to it. Or that a smaller search engine with no business footprint in Europe is able to display information that a larger search engine such as Google can’t. Censorship of information is the specter that critics of the ruling are invoking.
On the other side of the argument are the privacy rights of individuals, which have often been trampled over by companies in the rush to build increasingly lucrative digital businesses by amassing and storing mountains of data about users.
The sophistication of the technology tools that automatically sift data means that personal information that might have naturally faded into the background in previous eras, when, for instance, old copies of a newspaper became harder to come by, ends up hanging around in the public domain for far longer than it perhaps should. Hence the ‘right to be forgotten’.
For now, the Court ruling has sided with the latter argument — and its judgement is immediately enforceable, explaining why Google has needed to act quickly to put a process in place to deal with requests made under the ruling.
There is also evidently an appetite among Europeans to edit their Google search history, with the company telling TechCrunch it has already received “a few thousand” requests.
Google’s compliance mechanism for the ruling is a webform where users in the European Union can provide details about the information they believe they have a right to remove under European Data Protection Law.
The form notes that Google will then make a judgement on whether a request meets the specification of the law.
In implementing this decision, we will assess each individual request and attempt to balance the privacy rights of the individual with the public’s right to know and distribute information. When evaluating your request, we will look at whether the results include outdated information about you, as well as whether there’s a public interest in the information—for example, information about financial scams, professional malpractice, criminal convictions, or public conduct of government officials.
Google’s wording suggests it is continuing to kick against the judgement — as it flags up the “public interest” argument, by giving examples where “outdated information” may still be pertinent in the eyes of the general public (fraud, malpractice, misconduct in public office and so on).
The difficulty of making such assessments also suggests the process could become extremely unwieldy for Google if the number of information take-down requests grows further — since, by nature, the process requires a case-by-case approach and can’t be automated.
Those requesting information removal are required to verify their identity by submitting a copy of an identity document such as a driver’s licence, national ID card or other photo ID.
Google’s process allows for acting authorized agents to submit requests on behalf of others provided they are in possession of the requisite identity and authorization documents — which does open up the possibility that a cottage industry of search removal request businesses could spring up offering to comb through your search history and submit requests on your behalf.
In an emailed statement provided to TechCrunch, Google revealed that as well as working with local data protection authorities in European countries, it is creating an “expert advisory committee” to help it navigate the judgement process. Which probably means more lucrative work for privacy lawyers.
Google’s statement follows below:
“To comply with the recent European court ruling, we’ve made a webform available for Europeans to request the removal of results from our search engine. The court’s ruling requires Google to make difficult judgments about an individual’s right to be forgotten and the public’s right to know. We’re creating an expert advisory committee to take a thorough look at these issues. We’ll also be working with data protection authorities and others as we implement this ruling.”
Update: Google has named the following as confirmed members of its expert advisory committee so far:
- Frank La Rue (UN Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression)
- Peggy Valcke (Director, University of Leuven law school)
- Jose Luis Piñar (former Spanish DPA, now an academic)
- Jimmy Wales (Wikipedia)
- Luciano Floridi (information ethics philosopher at Oxford Internet Institute
It’s worth emphasizing that Google’s expert committee is entirely self selected, so while advisors are being drawn from outside Mountain View, their views are likely to align with Mountain View’s.
Or, to put it another way:
Despite its diversity revelations yesterday, Google seems to have not thought much about balance in its Supreme Court of Data Protection…—
Julia Powles (@juliapowles) May 30, 2014
Update 2: Commenting on Google’s move to comply with the Court of Justice ruling, European Commission VP Viviane Reding noted that it was long overdue, given that the core data protection law dates back to 1995.
“It is a good development that Google has announced that it will finally take the necessary measures to respect European law. It was about time since European data protection laws exist since 1995. It took the European Court of Justice to say so. The right to be forgotten and the right to free information are not foes but friends,” she said in a statement.
“The move demonstrates that fears of practical impossibility raised before were unfounded,” Reding added.
Data protection is the business model of the future.
She went on to emphasize that the law is about striking “the right balance” between freedom of expression and data protection.
“It’s not about protecting one at the expense of the other but striking the right balance in order to protect both. The European Court made it clear that two rights do not make a wrong and has given clear directions on how this balance can be found and where the limits of the right to be forgotten lie. The Court also made clear that journalistic work must not be touched; it is to be protected,” she said.
Reding also talked up the opportunity for startups to “build strong and innovative businesses on the basis of offering true data protection”.
“Legal certainty and empowering consumers to manage their data can yield steady revenues and profits. Data protection is the business model of the future. There is a whole world of business waiting for companies wishing to seize this opportunity,” she said.