Risk
6/26/2013
07:02 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Gets Help In Spanish Privacy Fight

Legal filing argues Europe's right to be forgotten isn't quite a right and doesn't obligate Google to delete data that makes people unhappy.

An expert legal opinion filed with the European Court of Justice on Tuesday argued that Google should not have to remove data from its search index because someone finds it objectionable, a recommendation that places the right to remember over the right to be forgotten, a controversial aspect of a pending legislative update of Europe's 1995 Data Protection Directive.

The European Court of Justice, Europe's high court, has not yet ruled in the case, but the filing, by advocate general Niilo Jääskinen, may increase the odds that Google will ultimately prevail and could help define the parameters of the right to be forgotten, if such a thing is even feasible at a time when national intelligence agencies strive to remember everything.

In 2009, a man who was named in a 1998 print newspaper article as owing a tax debt, and in a subsequent online version, sought to have the publisher of the article remove his name from the online version. The publisher refused, and in 2010 the man asked Google to remove links to the article. Google refused and the man took his case to the Spanish Data Protection Authority.

[ How will the IT sector react to Wednesday's Supreme Court ruling? Read Tech Companies Embrace Marriage Equality. ]

The Spanish agency said the publisher didn't have to remove the article because the information came from a Spanish government ministry and was legally justified. But it decided that Google did have to remove links to the article. Google appealed the ruling to Spain's high court which turned to the European Court of Justice for guidance.

Google's global privacy counsel Peter Fleischer has written several times in recent years about the problems with the right to be forgotten, which he and others have pointed out, puts free expression and history at risk. In 2011, he wrote, "[I]t's wrong to try to use search engines to try to make legal information harder to find. It's wrong to use search engines as an indirect tool of censorship, since European law rightly holds the publisher of material is responsible for its content. Requiring intermediaries like search engines to censor material published by others would have a profound chilling effect on freedom of expression."

Jääskinen has come to the same conclusion, arguing that requiring search engines to suppress legitimate, lawful information would interfere with freedom of expression and would amount to a right to censor.

Even better for any organization that stores data, Jääskinen asserted that there really isn't a right to be forgotten in a broad sense. He noted that the pending legislative update of Europe's 1995 Data Protection Directive, while an important legal innovation, is not yet codified into law and remains the subject of ongoing debate.

The Data Protection Directive, Jääskinen's filing stated, "does not provide for a general right to be forgotten in the sense that a data subject is entitled to restrict or terminate dissemination of personal data that he considers to be harmful or contrary to his interests."

Technology companies may not yet be ready to forget about the right to be forgotten, but whatever form that right eventually takes in European law, it's unlikely to be as sweeping as some feared.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9710
Published: 2015-05-27
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time windo...

CVE-2014-9715
Published: 2015-05-27
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that trig...

CVE-2015-1157
Published: 2015-05-27
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2)...

CVE-2015-2666
Published: 2015-05-27
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to t...

CVE-2015-2830
Published: 2015-05-27
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate...

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but youíll never have complete information and youíll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?