Privacy

Google Digs In Heels Over Global Expansion of EU’s ‘Right to Be Forgotten’

Google took on French lawyers at the European Union Court of Justice this week in an effort to fend off expansion of the EU’s “right to be forgotten” judgment.

The EU’s attempts to broaden the scope of that judgment would be “completely unenvisagable,” and it could result in impositions on the values of different countries around the world, Google argued.

The right to be forgotten directive, which the EU imposed six years ago, allows individuals to request the removal of content from a search engine.

Although details about the actual review process were not disclosed, EU regulators released guidelines in the fall of 2014. However, Google had already removed nearly 1.4 million URLs months earlier. The company has maintained that it accommodated reasonable requests.

Google earlier this year said that it had complied with 43 percent of the 2.4 million requests it received between 2014 and 2017.

One point of disagreement is over the EU’sproposal that delinking requests made by EU citizens be implemented by Google globally and not be limited to European versions of the search engine. European regulators have called for Google to delink the content to prevent circumvention of the law.

Google so far has refused the French Data Protection Agency’s demand to apply the right to be forgotten internationally, which has resulted in the search company becoming the subject of a four-year-long antitrust investigation.

The French watchdog group, Commission Nationale del’Informatique et des Liberts (CNIL), this week argued before the 15-judge panel that by limiting the delinking to Europe alone, content would be rendered difficult to find, but it would not be removed.

For example, information could be retrieved from non-EU URLs or by using a Virtual Private Network (VPN) tool to conduct the searches, the group noted.

Google is not the only tech company to face fines under the right-to-be-forgotten law. Yahoo, Microsoft, Facebook, and Twitter also have had to comply with requests to be forgotten in the EU.

More EU Regulations on the Way

While Google has been attempting to push back against the right-to-be-forgotten law, regulators in the EU have been pushing for more privacy and data protection.

The EU earlier this year implemented the General DataProtection Regulation, which gives consumers greater control over personal data collected by companies online.

The EU has recently been considering rules that would require search engines and social media companies to remove alleged terrorist propaganda from their respective platforms within an hour of a “competent” authority’s notification.

Europe, which has experienced a rash of terrorist attacks, evidently aims to crack down on the spread of such propaganda online, including its use as a recruiting tool.

In his annual State of the Union speech, European Commission President Jean-Claude Juncker called for the removal of such content as a way to reduce the likelihood of attacks.

Addressing terrorist threats is just one topic in the back-and-forth discussions between the European Commission and tech companies. The companies have emphasized the progress they’ve made in removing extremist content via automated detection technology.

Google, Facebook, and other companies have not yet responded to the EU’scalls for action, but given the nature of Juncker’s message, the tech companies may find it difficult to mount opposition. It’s highly unlikely that any of them would characterize stopping terrorism as an overreach.

“Governments have many rights and powers but only one true unalienable responsibility — to protect and nurture the citizens that underlie that government,” said Rob Enderle, principal analyst at the Enderle Group.

“France, in this instance, is stepping up to this responsibility and applying it broadly as they should,” he told TechNewsWorld.

“Facebook isn’t obligated under the First Amendment freedom of speech,” noted social media consultant Lon Sakfo, “and they aren’t required to print everything every nut-bag has to say.”

Torture videos and worse have been posted online.

“There are just some things that don’t belong on a happy social network,” Safko told TechNewsWorld.

Is There a Right Way to Be Forgotten?

How this plays out could revolve around the issue of the so-called “right” to be forgotten, especially when so much online content seems to live forever.

Fully addressing the problem could involve much more than enforcing regulations. Someone, somewhere, still could keep the content alive.

“The scope of complying with the EU’s expansion of ‘the right to be forgotten’ is hard to conceive,” said Charles King, principal analyst at Pund-IT.

“An inadequate comparison would be to demand that libraries be responsible for all the information in the books on their shelves, as well as for removing citations that individuals believe are inaccurate, inappropriate, or offensive,” he told TechNewsWorld.

“The fact is that libel laws offer people ways to pursue and police such information in hard copy publications, but nothing similar exists for online content,” King added.

“This goofy scenario could become even more complex and costly if Google and other search companies were required to exert these control mechanisms on a country-by-country basis according to differing regulations,” he suggested.

“Google has taken a hard-line stand on removing anything from their index,” said Safko. “Since the beginning, it has said they are not the Internet police, and they will not make determinations of what should be indexed.”

EU Overreach?

Clearly, the right to be forgotten is not something that can easily be contained within the borders of the EU. Does it follow that regulators in Europe should have a say about what individuals across the world can — or in this case, cannot — see?

“This isn’t only an issue for Google,” said Niles Rowland, director of product development for The Media Trust.

Other tech giants with a global reach also have come under threat from a growing number of EU laws, Rowland told TechNewsWorld.

Google knows it’s being watched closely — not only by regulators but also by other companies and consumers. It has been treading carefully between complying with EU privacy laws and ensuring that they do not exceed the intended scope and jurisdiction, Rowland pointed out.

“Google is not alone in opposing the expansion. The EU executive arm, human rights activists, and others see the potential for abuse by heads of countries with weak democratic traditions,” he added.

“The ‘right to be forgotten’ for the EU is very relevant,” said Laurence Pitt, strategic security director at Juniper Networks.

It “means that businesses and individuals have to act as data controllers for the information that they post to, or host on, the Internet — whether or not they own it,” he explained.

“Google alone has had hundreds of thousands of individual requests for data to be removed — the workload for this is huge,” Pitt told TechNewsWorld.

This is where it gets complicated. Should Google somehow be required to expand the EU directive globally isn’t feasible, given current international laws.

“It needs to be driven by a global agreement with all countries around the world approving the change,” suggested Pitt. “Otherwise, it’s simply not workable.”

An Issue of Privacy

One major consideration is whether this is, in fact, simply about protecting consumer privacy online — and if so, whether privacy protections should be limited to one continent.

“The request of the EU has some legs. It doesn’t make sense to be forgotten on one version of Google’s search site but not on another, just on the grounds of a different language or a different geographical location,” suggested Mounir Hahad, head of Juniper ThreatLabs at Juniper Networks.

“An EU citizen could be traveling to non-EU countries and inadvertently have access to search results that are supposed to be filtered,” he told TechNewsWorld.

For those motivated to find filtered information, a VPN connection is all it takes, and there are many free ones available.

“Governments have been slow to realize that the digital information that describes, constraints, and defines its citizens should be protected as part of this responsibility,” observed Enderle.

“I’ve always thought that given companies like Google are largely funded by mining and selling this information, they would either be nationalized or constrained,” he added. “More countries in the EU, and eventually the U.S., will follow this example.”

How This Will Change Online Business

One of the major concerns being voiced by opponents of the EU’s right to be forgotten and GDPR is how these regulations could impact online businesses.

Expanding the scope won’t have any substantial impact on the way businesses use the Internet, according to Hahad.

“The current situation, if it stands, may indeed push some businesses to bypass EU local search engine versions in favor of unfiltered ones,” he said. “On the contrary, companies would prefer to apply the same rules across the globe and not have to deal with local regulations.”

However, there is the view that it still boils down to censorship –even if done for compelling reasons, such as to stop terrorist propaganda or simply to keep personal information truly personal. Governments could determine what actually was fake news, and potentially even censor content that they found offensive to their positions.

“In such a situation, terrible deeds could be perpetrated without fear of censure, repercussion, or even the judgment of history,” said Douglas Crawford, online privacy expert at BestVPN.com.

These deeds simply would disappear from the public record, Crawford told TechNewsWorld.

“Whatever happens, though, the right to be forgotten ruling will have little impact on the way business is done in Europe,” he added.

“What will make a difference to Americans doing business in Europe, though, is how and when [Europe] chooses to enforce the Privacy Shield obligations that the U.S. government agreed to in 2016,” Crawford said.

Although the deadline for meeting these obligations has now passed, the EU has yet to respond. Many businesses still could be taking a wait-and-see approach.

“Businesses will likely choose between shifting resources to the less-regulated markets or taking a blanket approach, where the most stringent measures are applied across the board,” said The MediaTrust’s Rowland.

“The blanket approach will most likely be the most frequently used, which will lead to a universal application of the most stringent laws,” he added, “and in short, consolidation rather than fracturing could be the result.”

The final question may be what right does one region have to enforce its rules on another region that doesn’t want them?

“There hasn’t been any shortage of countries that already try to enforce their own censorship rules locally,” said Crawford, “but these have no power to exert their version of reality on the world at large, and thereby permanently change the historical record.”

Peter Suciu

Peter Suciu has been an ECT News Network reporter since 2012. His areas of focus include cybersecurity, mobile phones, displays, streaming media, pay TV and autonomous vehicles. He has written and edited for numerous publications and websites, including Newsweek, Wired and FoxNews.com.Email Peter.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Peter Suciu
More in Privacy

Technewsworld Channels