Risk
6/26/2013
07:02 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Gets Help In Spanish Privacy Fight

Legal filing argues Europe's right to be forgotten isn't quite a right and doesn't obligate Google to delete data that makes people unhappy.

An expert legal opinion filed with the European Court of Justice on Tuesday argued that Google should not have to remove data from its search index because someone finds it objectionable, a recommendation that places the right to remember over the right to be forgotten, a controversial aspect of a pending legislative update of Europe's 1995 Data Protection Directive.

The European Court of Justice, Europe's high court, has not yet ruled in the case, but the filing, by advocate general Niilo Jääskinen, may increase the odds that Google will ultimately prevail and could help define the parameters of the right to be forgotten, if such a thing is even feasible at a time when national intelligence agencies strive to remember everything.

In 2009, a man who was named in a 1998 print newspaper article as owing a tax debt, and in a subsequent online version, sought to have the publisher of the article remove his name from the online version. The publisher refused, and in 2010 the man asked Google to remove links to the article. Google refused and the man took his case to the Spanish Data Protection Authority.

[ How will the IT sector react to Wednesday's Supreme Court ruling? Read Tech Companies Embrace Marriage Equality. ]

The Spanish agency said the publisher didn't have to remove the article because the information came from a Spanish government ministry and was legally justified. But it decided that Google did have to remove links to the article. Google appealed the ruling to Spain's high court which turned to the European Court of Justice for guidance.

Google's global privacy counsel Peter Fleischer has written several times in recent years about the problems with the right to be forgotten, which he and others have pointed out, puts free expression and history at risk. In 2011, he wrote, "[I]t's wrong to try to use search engines to try to make legal information harder to find. It's wrong to use search engines as an indirect tool of censorship, since European law rightly holds the publisher of material is responsible for its content. Requiring intermediaries like search engines to censor material published by others would have a profound chilling effect on freedom of expression."

Jääskinen has come to the same conclusion, arguing that requiring search engines to suppress legitimate, lawful information would interfere with freedom of expression and would amount to a right to censor.

Even better for any organization that stores data, Jääskinen asserted that there really isn't a right to be forgotten in a broad sense. He noted that the pending legislative update of Europe's 1995 Data Protection Directive, while an important legal innovation, is not yet codified into law and remains the subject of ongoing debate.

The Data Protection Directive, Jääskinen's filing stated, "does not provide for a general right to be forgotten in the sense that a data subject is entitled to restrict or terminate dissemination of personal data that he considers to be harmful or contrary to his interests."

Technology companies may not yet be ready to forget about the right to be forgotten, but whatever form that right eventually takes in European law, it's unlikely to be as sweeping as some feared.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7421
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

CVE-2014-8160
Published: 2015-03-02
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disall...

CVE-2014-9644
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-201...

CVE-2015-0239
Published: 2015-03-02
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYS...

CVE-2014-8921
Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.