How Google Handles 'Right To Be Forgotten' Requests 135
An anonymous reader writes: In response to an inquiry from European data protection regulators, Google has detailed how they evaluate and act on requests to de-index search results. Google's procedures for responding to "right-to-be-forgotten" requests are explained in a lengthy document that was made publicly available. "Google of course claims its own economic interest does not come into play when making these rtbf judgements — beyond an 'abstract consideration' of a search engine needing to help people find the most relevant information for their query. ... Google also goes into lengthy detail to justify its decision to inform publishers when it has removed links to content on their sites — a decision which has resulted in media outlets writing new articles about delisted content, thereby resulting in the rtbf ruling causing the opposite effect to that intended (i.e. fresh publicity, not fair obscurity)."
Re:Who didn't see this coming? (Score:5, Informative)
I do not see how this can be considered circumvention or contempt. Google has a long history of being transparent in this way. They make public what content they delist because of copyright violations and it is only right that they inform a website when they do similar for "right to be forgotten".
Further, if you read Google's document they indicate that in the case of data protection removals they inform the webmaster of the URL that has been de-listed, with no information about the details of the request or the requester. This seems like a sensible and serious attempt to balance the right of the webmaster to know that his content is no longer being indexed (for some searches) with the right of privacy of the person requesting removal.
It also seems to be the cause of the hoopla a few weeks back which put Google in the crosshairs of many who claimed the company was trying to sensationalize the removals. Google had removed the link when the searched topic was the name of a commenter on the article (who asked for it to be removed), but not when the searched topic was person the article was about, or other relevant terms. The webmaster saw that the URL had be de-listed for some searches and the paper wrote an article about how the URL had been removed entirely, even though it was obviously in the public interest, asserting that Google was intentionally removing things that weren't justified under the law in order to provoke a backlash against it. The assumption that it had been removed entirely was incorrect, of course, but Google couldn't provide information about the rationale or scope of the removal without violating the privacy of the requester.
I, personally, think the "right to be forgotten" is ridiculous, but it appears to me that Google is trying very hard to comply with it, letter and spirit.
(Disclosure: I'm a Google employee, but I have nothing to do with any of this and know nothing about it beyond what I read in the press. Also, I'm not a company spokesperson of any sort; they pay me to sit at a desk and pound out code.)
Gross misunderstanding of EU ruling (Score:5, Informative)
The EU ruling does not require the information on a website to be deleted. Quite the opposite, it upheld the ruling against that by previous courts.
The EU ruling does not require Google to de-index the information. No, seriously, it doesn't.
What the EU ruling states, and this is made painfully clear by the court and also in the summary document, is that the link to the information not be coupled with the personal name. How Google chooses to implement that is Google's affair.
The Statute of Anne [wikipedia.org] is ultimately at the heart of this, because this is where ownership of information is first taken out of the hands of corporations and guilds, and placed squarely in the hands of individuals. The Data Protection Act, which stemmed from (again) corporations claiming ownership of information belonging to others - but this time often getting it wrong with life-threatening consequences, was in many ways a repeat of that battle.
In the case of the DPA, the stakes were higher. Computer glitches and operator errors declaring living people to be dead spread from computer to computer like an incurable cancer. With no redress, even if it meant your bank account was closed, insurance got cancelled and house repossessed. Even if you got a company to fix the data, it would merely get reinfected. Politically aligned "vetting" companies were making a fortune selling bogus information to prospective employers, ensuring only ideologically approved candidates would get hired.
I don't think people remember those days.
European privacy rules are intended to transfer rights to individuals, as per Statute of Anne, and attempt to prevent malign, inaccurate data from harming said individual. So far, so good. I'm amazed at the number of libertarians who are opposed to individuals having rights. The more they oppose such a notion, the more I'm inclined to believe the philosophy suspect. If core elements can be ignored when convenient, they're not especially core.
The EU laws and ruling might not be perfect, in fact I don't believe for a moment they are. But I reject the idea that a corporation has more rights than a person.
Some time back, when I argued that freedom of the collective could not be neglected in pursuit of freedom of the individual, there was much opposition. Mostly along the lives that collectives have no physical reality. I fully expect these to be the people most opposed to the EU ruling, on the grounds that collectives (because that's what a corporation is) have freedoms.
In other words, I believe people prefer cognitive dissonance to having self-consistent beliefs or to admitting error. Much better to split the mind than debug an ideology. Microsoft would be proud.
I'd love to see a sane, rational discussion on the issue. Particularly with experts in IT security as part of it, as they're the experts in handling the conflict between access needs and access controls, and between risks vs benefits, especially on historical data which may include flawed data.