Risk
6/26/2013
07:02 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Gets Help In Spanish Privacy Fight

Legal filing argues Europe's right to be forgotten isn't quite a right and doesn't obligate Google to delete data that makes people unhappy.

An expert legal opinion filed with the European Court of Justice on Tuesday argued that Google should not have to remove data from its search index because someone finds it objectionable, a recommendation that places the right to remember over the right to be forgotten, a controversial aspect of a pending legislative update of Europe's 1995 Data Protection Directive.

The European Court of Justice, Europe's high court, has not yet ruled in the case, but the filing, by advocate general Niilo Jääskinen, may increase the odds that Google will ultimately prevail and could help define the parameters of the right to be forgotten, if such a thing is even feasible at a time when national intelligence agencies strive to remember everything.

In 2009, a man who was named in a 1998 print newspaper article as owing a tax debt, and in a subsequent online version, sought to have the publisher of the article remove his name from the online version. The publisher refused, and in 2010 the man asked Google to remove links to the article. Google refused and the man took his case to the Spanish Data Protection Authority.

[ How will the IT sector react to Wednesday's Supreme Court ruling? Read Tech Companies Embrace Marriage Equality. ]

The Spanish agency said the publisher didn't have to remove the article because the information came from a Spanish government ministry and was legally justified. But it decided that Google did have to remove links to the article. Google appealed the ruling to Spain's high court which turned to the European Court of Justice for guidance.

Google's global privacy counsel Peter Fleischer has written several times in recent years about the problems with the right to be forgotten, which he and others have pointed out, puts free expression and history at risk. In 2011, he wrote, "[I]t's wrong to try to use search engines to try to make legal information harder to find. It's wrong to use search engines as an indirect tool of censorship, since European law rightly holds the publisher of material is responsible for its content. Requiring intermediaries like search engines to censor material published by others would have a profound chilling effect on freedom of expression."

Jääskinen has come to the same conclusion, arguing that requiring search engines to suppress legitimate, lawful information would interfere with freedom of expression and would amount to a right to censor.

Even better for any organization that stores data, Jääskinen asserted that there really isn't a right to be forgotten in a broad sense. He noted that the pending legislative update of Europe's 1995 Data Protection Directive, while an important legal innovation, is not yet codified into law and remains the subject of ongoing debate.

The Data Protection Directive, Jääskinen's filing stated, "does not provide for a general right to be forgotten in the sense that a data subject is entitled to restrict or terminate dissemination of personal data that he considers to be harmful or contrary to his interests."

Technology companies may not yet be ready to forget about the right to be forgotten, but whatever form that right eventually takes in European law, it's unlikely to be as sweeping as some feared.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant