Google took on French lawyers at the European
Union Court of Justice this week, in an effort to fend off expansion of the EU’s “right to be forgotten” judgment.
The EU’s attempts to broaden the scope of
that judgment would be “completely unenvisagable,” and
it could result in impositions on the values of different countries around the world, Google argued.
The right to be forgotten directive, which the EU imposed six years ago,
allows individuals to request the removal of content from a search engine.
Although details about the actual review process were not disclosed, EU regulators released guidelines in the fall of 2014. However, Google already had removed nearly 1.4 million URLs months earlier. The company has maintained that it accommodated reasonable requests.
Google earlier this year said that it had complied with 43 percent of the 2.4 million requests it received between 2014 and 2017.
One point of disagreement is over the EU’s
proposal that delinking requests made by EU citizens be
implemented by Google globally and not be limited to European
versions of the search engine. European regulators have called for
Google to delink the content to prevent circumvention of the law.
Google so far has refused the French Data Protection Agency’s demand
to apply the right to be forgotten internationally, which has
resulted in the search company becoming the subject of a
four-year-long antitrust investigation.
The French watchdog group, Commission Nationale de
l’Informatique et des Liberts (CNIL) this week argued before the 15-judge panel that by limiting the delinking to Europe alone, content would be rendered difficult to find, but it would not be removed.
For example, information could be retrieved from non-EU URLs or
by using a Virtual Private Network (VPN) tool to conduct the searches, the group noted.
Google is not the only tech company to face fines under
the right to be forgotten law. Yahoo, Microsoft, Facebook and Twitter also have had to comply with requests to be forgotten in the EU.
More EU Regulations on the Way
While Google has been attempting to push back against the right to be forgotten law,
regulators in the EU have been pushing for more privacy and data
protection.
The EU earlier this year implemented the General Data
Protection Regulation, which gives consumers greater
control of personal data collected by companies online.
The EU recently has been considering rules that would require search engines and social media companies to remove alleged
terrorist propaganda from their respective platforms within an hour of
a “competent” authority’s notification.
Europe, which has experienced a rash of terrorist attacks, evidently aims to crack down on the spread of such propaganda online, including its use as a recruiting tool.
In his annual State of
the Union speech, European Commission President Jean-Claude Juncker
called for the removal of such content as way to reduce the likelihood
of attacks.
Addressing terrorist threats is just one topic in the back-and-forth
discussions between the European Commission and tech
companies. The companies have emphasized the progress they’ve made in removing extremist content via automated detection technology.
Google, Facebook and other companies have not yet responded to the EU’s
calls for action, but given the nature of Juncker’s message, the tech companies may find it difficult to mount opposition. It’s highly unlikely that any of them would characterize stopping terrrorism as an overreach.
“Governments have many rights and powers but only one true unalienable
responsibility — to protect and nurture the citizens that underlie that
government,” said Rob Enderle, principal analyst at the Enderle Group.
“France, in this instance, is stepping up to this responsibility and
applying it broadly as they should,” he told TechNewsWorld.
“Facebook isn’t obligated under the First Amendment freedom of speech,” noted social media consultant Lon Sakfo, “and they aren’t required to print everything every nut-bag has to say.”
Torture videos and worse have been posted online.
“There are just some things that don’t belong on a happy social network,” Safko told
TechNewsWorld.
Is There a Right Way to Be Forgotten?
How this plays out could revolve around the issue of
the so-called “right” to be forgotten, especially when so much online content
seems to live forever.
Fully addressing the problem could involve much more than enforcing a
regulation. Someone, somewhere still could keep the content alive.
“The scope of complying with the EU’s expansion of ‘the right to be
forgotten’ is hard to conceive,” said Charles King, principal analyst
at Pund-IT.
“An inadequate comparison would be to demand that libraries be
responsible for all the information in the books on their shelves, as
well as for removing citations that individuals believe are
inaccurate, inappropriate or offensive,” he told TechNewsWorld.
“The fact is that libel laws offer people ways to pursue and police
such information in hard copy publications, but nothing similar exists
for online content,” King added.
“This goofy scenario could become even more complex and costly if
Google and other search companies were required to exert these control
mechanisms on a country-by-country basis according to differing
regulations,” he suggested.
“Google has taken a hard-line stand on removing anything from their
index,” said Safko. “Since the beginning, it has said they are not
the Internet police, and they will not make determinations of what
should be indexed.”
EU Overreach?
Clearly, the right to be forgotten is not something that easily can be contained within the borders of the EU. Does it follow that regulators in Europe should have a say about what individuals across the world can — or in this case, cannot — see?
“This isn’t only an issue for Google,” said Niles Rowland, director of product development for
The Media Trust.
Other tech giants with a global reach also have come under threat from a growing number of EU laws, Rowland told TechNewsWorld.
Google knows it’s being watched closely — not only by regulators, but also by
other companies and consumers. It has been treading carefully between
complying with EU privacy laws and ensuring that they do not exceed the intended scope and jurisdiction, Rowland pointed out.
“Google is not alone in opposing the expansion. The EU executive arm,
human rights activists and others see the potential for abuse by
heads of countries with weak democratic traditions,” he added.
“The ‘right to be forgotten’ for the EU is very relevant,” said Laurence Pitt, strategic security director at
Juniper Networks.
It “means
that businesses and individuals have to act as data controllers for
the information that they post to, or host on, the Internet — whether
or not they own it,” he explained.
“Google alone has had hundreds of thousands of individual requests for
data to be removed — the workload for this is huge,” Pitt told
TechNewsWorld.
This is where it gets complicated. Should Google somehow be
required to expand the EU directive globally isn’t feasible, given current
international laws.
“It needs to be driven by a global agreement with all countries around
the world approving the change,” suggested Pitt. “Otherwise, it’s simply
not workable.”
An Issue of Privacy
One major consideration is whether this is, in fact, simply
about protecting consumer privacy online — and if so, whether privacy protections should be limited to one continent.
“The request of the EU has some legs. It doesn’t make sense to be
forgotten on one version of Google’s search site but not on another,
just on the grounds of a different language or a different
geographical location,” suggested Mounir Hahad, head of Juniper Threat
Labs at Juniper Networks.
“An EU citizen could be traveling to non-EU countries and
inadvertently have access to search results that are supposed to be
filtered,” he told TechNewsWorld.
For those motivated to find filtered information, a VPN
connection is all it takes, and there are many free ones available.
“Governments have been slow to realize that the digital information
that describes, constrains and defines it citizens should be
protected as part of this responsibility,” observed Enderle.
“I’ve always thought that, given companies like Google are largely funded by mining and selling this information, they would either be nationalized or constrained,”
he added. “More countries in the EU, and eventually the U.S., will follow this
example.”
How This Will Change Online Business
One of the major concerns being voiced by opponents of the EU’s right to be forgotten and GDPR, is how these regulations could impact online businesses.
Expanding the scope won’t have any substantial impact on the way
businesses use the Internet, according to Hahad.
“The current situation, if it
stands, may indeed push some businesses to bypass EU local search
engine versions in favor of unfiltered ones,” he said. “On the contrary,
companies would prefer to apply the same rules across the globe and
not have to deal with local regulations.”
However, there is the view that it still boils down to censorship —
even if done for compelling reasons, such as to stop terrorist
propaganda, or simply to keep personal information truly
personal. Governments could determine what actually was fake news, and
potentially even censor content that they found offensive to their positions.
“In such a situation, terrible deeds could be perpetrated without fear of
censure, repercussion, or even the judgment of history,” said Douglas
Crawford, online privacy expert at
BestVPN.com.
These deeds simply would disappear from the public record, Crawford
told TechNewsWorld.
“Whatever happens, though, the right to be forgotten ruling will have
little impact on the way business is done in Europe,” he added.
“What will make a difference to Americans doing business in Europe, though, is how and when [Europe] chooses to enforce the Privacy Shield obligations that the U.S. government agreed to in 2016,” Crawford said.
Although the deadline for meeting these obligations has now passed, the
EU has yet to respond. Many businesses still could be taking a wait-and-see approach.
“Businesses will likely choose between shifting resources to the less
regulated markets or taking a blanket approach, where the most
stringent measures are applied across the board,” said The Media
Trust’s Rowland.
“The blanket approach will most likely be the most frequently used,
which will lead to a universal application of the most stringent laws,” he added, “and in short, consolidation rather than fracturing could be the
result.”
The final question may be what right does one region have to enforce
its rules on another region that doesn’t want them?
“There hasn’t been any shortage of countries that already try to
enforce their own censorship rules locally,” said Crawford, “but these
have no power to exert their version of reality on the world at large,
and thereby permanently change the historical record.”
Peter Suciu has been an ECT News Network reporter since 2012. His areas of focus include cybersecurity, mobile phones, displays, streaming media, pay TV and autonomous vehicles. He has written and edited for numerous publications and websites, including Newsweek, Wired and FoxNews.com.
Email Peter.