It’s taken well over a year for Google to shift its position but the search giant is finally buckling to European data protection regulators’ demands to apply granted search delisting requests on the Google.com domain, as well as European subdomains as it currently does.
Search delisting refers to the so-called right to be forgotten ruling made by Europe’s top court back in May 2014 which judged that search engines are data controllers and therefore must process individual requests from Europeans to delist outdated or irrelevant personal data, in line with regional data protection law.
In June last year, French data protection watchdog CNIL ordered Google to widen its implementation of the right to be forgotten ruling so that links would be delisted from all Google domains, including google.com, not just from the .fr French subdomain.
Google is still not publicly doing so yet, but TechCrunch understands it will be amending its implementation of the ruling to include Google.com, with this change due to be applied shortly — perhaps as early as the middle of this month. Earlier today the New York Times reported the company will be making the change by early next month.
Google isn’t making any public comment at this stage but TechCrunch understands the company has a technological twist up its sleeve in how it will implement delisting on Google.com — namely geoblocking. So only searchers located in the same geographical location as the successful delisting request will have the offending search result removed from Google.com. Those searching Google.com from other locations (i.e. from outside Europe, or from another European country unrelated to the specific delisting request) may still see delisted search results.
It’s a location-based compromise that has been suggested before to address the tricky problem of affording individual privacy without leaving trivial workarounds nor trampling too broadly on the wider public’s ability to access information. And while Google still treats copyright removals (for instance) to a fuller global delisting, the company is evidently sweating to avoid granting such sweeping powers to European privacy requests. It has lobbied against the court ruling since day one, and fought to limit how it is implemented. And indeed continues to fight by coming up with this latest geoblocking option as an alternative to implementing full global delisting.
It remains to be seen whether the compromise will please the DPAs, though. On that front Google is taking another gamble, so may yet be forced to offer fuller global delisting in time. (A spokesperson for the French data protection watchdog, the CNIL, told Reuters yesterday that it had been informed of Google’s plans and was now analyzing the move in light of the “issue of territorial scope”. A spokeswoman for the CNIL reiterated this position in an email to TechCrunch today, saying: “We have been informed about what Google is willing to change and our services are going to analyze these elements.”)
But in the short term at least Google will be hoping that geoblocking placates the European regulators — regulators that have been fired up by other recent ECJ privacy-related judgements, such as last year’s strikedown of the Safe Harbor transatlantic data transfer agreement.
A new general data protection directive was also agreed by European politicians at the back end of last year which will bring in stricter penalties for privacy infringements when it comes into force in 2018. Such wider moves in Europe to bolster regional data protection regulation may have helped concentrate Google’s mind on the search delisting front to come into fuller compliance.