Risk
6/26/2013
07:02 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Gets Help In Spanish Privacy Fight

Legal filing argues Europe's right to be forgotten isn't quite a right and doesn't obligate Google to delete data that makes people unhappy.

An expert legal opinion filed with the European Court of Justice on Tuesday argued that Google should not have to remove data from its search index because someone finds it objectionable, a recommendation that places the right to remember over the right to be forgotten, a controversial aspect of a pending legislative update of Europe's 1995 Data Protection Directive.

The European Court of Justice, Europe's high court, has not yet ruled in the case, but the filing, by advocate general Niilo Jääskinen, may increase the odds that Google will ultimately prevail and could help define the parameters of the right to be forgotten, if such a thing is even feasible at a time when national intelligence agencies strive to remember everything.

In 2009, a man who was named in a 1998 print newspaper article as owing a tax debt, and in a subsequent online version, sought to have the publisher of the article remove his name from the online version. The publisher refused, and in 2010 the man asked Google to remove links to the article. Google refused and the man took his case to the Spanish Data Protection Authority.

[ How will the IT sector react to Wednesday's Supreme Court ruling? Read Tech Companies Embrace Marriage Equality. ]

The Spanish agency said the publisher didn't have to remove the article because the information came from a Spanish government ministry and was legally justified. But it decided that Google did have to remove links to the article. Google appealed the ruling to Spain's high court which turned to the European Court of Justice for guidance.

Google's global privacy counsel Peter Fleischer has written several times in recent years about the problems with the right to be forgotten, which he and others have pointed out, puts free expression and history at risk. In 2011, he wrote, "[I]t's wrong to try to use search engines to try to make legal information harder to find. It's wrong to use search engines as an indirect tool of censorship, since European law rightly holds the publisher of material is responsible for its content. Requiring intermediaries like search engines to censor material published by others would have a profound chilling effect on freedom of expression."

Jääskinen has come to the same conclusion, arguing that requiring search engines to suppress legitimate, lawful information would interfere with freedom of expression and would amount to a right to censor.

Even better for any organization that stores data, Jääskinen asserted that there really isn't a right to be forgotten in a broad sense. He noted that the pending legislative update of Europe's 1995 Data Protection Directive, while an important legal innovation, is not yet codified into law and remains the subject of ongoing debate.

The Data Protection Directive, Jääskinen's filing stated, "does not provide for a general right to be forgotten in the sense that a data subject is entitled to restrict or terminate dissemination of personal data that he considers to be harmful or contrary to his interests."

Technology companies may not yet be ready to forget about the right to be forgotten, but whatever form that right eventually takes in European law, it's unlikely to be as sweeping as some feared.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3090
Published: 2014-09-23
IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3101
Published: 2014-09-23
The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVE-2014-3103
Published: 2014-09-23
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

CVE-2014-3104
Published: 2014-09-23
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3105
Published: 2014-09-23
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account n...

Best of the Web
Dark Reading Radio