EU Court of Justice Paves Way For "Right To Be Forgotten" Online 199
Mark.JUK (1222360) writes "The European Court of Justice (ECJ) has today ruled that Google, Bing and others, acting as internet search engine operators, are responsible for the processing that they carry out of personal data which appears on web pages published by third parties. As a result any searches made on the basis of a person's name that returns links/descriptions for web pages containing information on the person in question can, upon request by the related individual, be removed. The decision supports calls for a so-called 'right to be forgotten' by Internet privacy advocates, which ironically the European Commission are already working to implement via new legislation. Google failed to argue that such a decision would be unfair because the information was already legally in the public domain."
Re:pure political bullshit (Score:5, Informative)
You could try reading TFS, if not TFA.
They specifically point out that even if Site X has a legitimate reason to have that personal information online, it does not automatically mean that Service Y (in this case, Google), has a legitimate reason to process that data in the ways they do.
Site X will still be available. It might not be easy to find it, of course, but cue the "the internet routes around censorship" mantra.
Re:Censorship (Score:4, Informative)
Re:Definitely good, but there are two sides (Score:5, Informative)
There's been a lot of FUD and confusion about this particular law on Slashdot, some people seem to think you can just somehow use your bat signal to say "I want to be forgotten on everything online ever!" but it's more simplistic than that.
What it does, is gives you the right to go to a company, that is storing information on you, and ask that they remove it. Nothing more, nothing less. That means if Google has indexed search results and their index includes information on you they simply have to remove that from their index - they do not have to go to the sites they indexed and asked them to remove the information too or any such thing, it's up to you to contact each specific company and the company must oblige.
This isn't really as big a deal as often made out, there was an argument you already had this right to an extent in many jurisdictions such as under the data protection act in the UK, which states that companies may not be passed information on you without your consent, so unless you gave it to them in the first place or consented to someone else giving it to them then they shouldn't be holding it regardless.
This law just formalises that and makes it clear that that remains true even in the age of user generated content, it simply makes it clear that companies can't shirk their data protection rules by saying "but a user gave us that content!" or "but a machine gathered that information!".
I don't believe this creates the hardship that it's claimed it creates, if companies were adhering to the likes of the UK's data protection act in the first place (which stems back to 1998) then they should've had procedures in place for over a decade and a half now to delete personal details that they had no legal right to hold.
If there are concerns about other content being deleted at the same time then that's not a problem with the law, but entirely a problem with how companies choose to go about eliminating data that should no longer be held.
If I have entered no agreement with a company, if a company is not acting as a data processor for a data controller I do have an agreement, and if I have not myself passed personal data to a company, then they never had a legal right (apart from under a handful of very specific exceptions) to hold it in the first place. The only extension this adds is that it makes it clear that you can also retroactively have information removed even if they did have the right to hold it in the past - even this existed in the likes of the DPA though, that companies shouldn't hold it for longer than necessary for the agreed purpose or when a data subject has ceased their relationship with the firm. The problem with that part it was never explicit as to exactly how long a company could hold data on you after that point so it was down to a fairly arbitrary decision by a court.
Honestly, I don't see the problem, if a company doesn't have control of the data it owns to be able to delete data it shouldn't hold on request then it's not fit to be holding any kind of data in the first place.
Re:Mario Costeja González (Score:4, Informative)
The EU does cherish freedom of speech. But it also cherishes the privacy of the individual.
The US - based on comments on this site - appears to have decided that freedom of speech trumps everything else. You can lie, cheat, shout fire in a crowded theatre, call in fake bomb scares, basically anything at all because it's all "freedom of speech."
The EU takes a much more nuanced view. Sometimes there's an overwhelming reason why freedom of speech should trump privacy. Sometimes privacy should trump freedom of speech, and sometimes it's a grey area that has to be litigated through the courts.
In this particular case, the court hasn't ruled that the information has to disappear - all they've ruled is that google (and presumably other search engines) need to give people the right to remove search results about themselves.
Most things are "allowed to be forgotten" in most circumstances. So, for example, most employers aren't allowed to ask "have you ever been made bankrupt?" although I think they can ask "are you an undischarged bankrupt". Google is allowing employers to sidestep the protective regulations that were built into bankruptcy law before the internet existed. The EU is now merely trying to reinstate them.
Re:Definitely good, but there are two sides (Score:5, Informative)
What it does, is gives you the right to go to a company, that is storing information on you, and ask that they remove it. Nothing more, nothing less. That means if Google has indexed search results and their index includes information on you they simply have to remove that from their index - they do not have to go to the sites they indexed and asked them to remove the information too or any such thing, it's up to you to contact each specific company and the company must oblige.
Oh, is that all? So the data is still there, except the most popular search engine on the planet can't list it. Wow, that's a relief. Here I thought there was censorship of public information going on, but clearly there isn't. (For the impaired, yes, this is sarcasm.)
From the article:
The case itself occurred after a Spanish man (Mario Costeja Gonzalez) complained that the detail of an auction notice for his former home, which was repossessed after he failed to pay his taxes, appeared in Google's search results.
The notice itself was made public on the third-party website (twice via a newspaper called La Vanguardia) and Mr Gonzalez wanted the source material edited and the Google result removed because the proceedings concerning him had been fully resolved for a number of years, thus he felt as though the reference to them was now "entirely irrelevant".
Mercifully the Spanish Data Protection Agency (AEPD) rejected the complaint against La Vanguardia, which correctly ruled that the information in question had been lawfully published by it. But the AEPD then ruled that Google should still delete the related references to the page, which Google perhaps understandably viewed as unfair because the information was already in the public domain, and so began the court battle until today's ECJ verdict.
Re:Definitely good, but there are two sides (Score:4, Informative)
In the EU simply because some information is public does not mean it's free for all commercial entities to use. For example, if a crime is considered spent (usually some time after punishment ends the guilty party no longer has to declare it to employers) then an employer can't just go looking back through the newspaper archives for the stories reporting it. You can't set up an agency that records crimes and reports them to employers for a fee, even if they are considered legally spent. The information is public, anyone who kept a copy or who can be bothered to visit the library and scan through microfiche can find it, but that doesn't give them a right to use it commercially without that person's consent.
You have to remember that in the EU corporations are not people. They don't get the same freedoms and rights that people do.