Risk
6/26/2013
07:02 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Gets Help In Spanish Privacy Fight

Legal filing argues Europe's right to be forgotten isn't quite a right and doesn't obligate Google to delete data that makes people unhappy.

An expert legal opinion filed with the European Court of Justice on Tuesday argued that Google should not have to remove data from its search index because someone finds it objectionable, a recommendation that places the right to remember over the right to be forgotten, a controversial aspect of a pending legislative update of Europe's 1995 Data Protection Directive.

The European Court of Justice, Europe's high court, has not yet ruled in the case, but the filing, by advocate general Niilo Jääskinen, may increase the odds that Google will ultimately prevail and could help define the parameters of the right to be forgotten, if such a thing is even feasible at a time when national intelligence agencies strive to remember everything.

In 2009, a man who was named in a 1998 print newspaper article as owing a tax debt, and in a subsequent online version, sought to have the publisher of the article remove his name from the online version. The publisher refused, and in 2010 the man asked Google to remove links to the article. Google refused and the man took his case to the Spanish Data Protection Authority.

[ How will the IT sector react to Wednesday's Supreme Court ruling? Read Tech Companies Embrace Marriage Equality. ]

The Spanish agency said the publisher didn't have to remove the article because the information came from a Spanish government ministry and was legally justified. But it decided that Google did have to remove links to the article. Google appealed the ruling to Spain's high court which turned to the European Court of Justice for guidance.

Google's global privacy counsel Peter Fleischer has written several times in recent years about the problems with the right to be forgotten, which he and others have pointed out, puts free expression and history at risk. In 2011, he wrote, "[I]t's wrong to try to use search engines to try to make legal information harder to find. It's wrong to use search engines as an indirect tool of censorship, since European law rightly holds the publisher of material is responsible for its content. Requiring intermediaries like search engines to censor material published by others would have a profound chilling effect on freedom of expression."

Jääskinen has come to the same conclusion, arguing that requiring search engines to suppress legitimate, lawful information would interfere with freedom of expression and would amount to a right to censor.

Even better for any organization that stores data, Jääskinen asserted that there really isn't a right to be forgotten in a broad sense. He noted that the pending legislative update of Europe's 1995 Data Protection Directive, while an important legal innovation, is not yet codified into law and remains the subject of ongoing debate.

The Data Protection Directive, Jääskinen's filing stated, "does not provide for a general right to be forgotten in the sense that a data subject is entitled to restrict or terminate dissemination of personal data that he considers to be harmful or contrary to his interests."

Technology companies may not yet be ready to forget about the right to be forgotten, but whatever form that right eventually takes in European law, it's unlikely to be as sweeping as some feared.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4231
Published: 2015-07-03
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.

CVE-2015-4232
Published: 2015-07-03
Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.

CVE-2015-4234
Published: 2015-07-03
Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.

CVE-2015-4237
Published: 2015-07-03
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv0...

CVE-2015-4239
Published: 2015-07-03
Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCus84220.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report