Google and the Right to Be Forgotten
A Spanish citizen has compelled Google to delete links to online newspaper articles that described the person’s debt problems in the 1990s. The European Court of Justice held that the information was ‘no longer relevant’ and it thus violated the man’s privacy for it to be available through an easy search. (A Spanish court had earlier refused to require the newspaper sites to take down the information, which was perfectly true.)
So: does this ruling make any sense at all, to impose the obligations of a ‘data controller’ on a search engine?
How can the search provider know for sure that people requesting the deletion of a link is who they say they are?
How can it judge whether the data sought to be erased could “appear to be inadequate, irrelevant or no longer relevant or excessive … in the light of the time that had elapsed”. The court said that even accurate data that had been lawfully published initially could “in the course of time become incompatible with the directive”.
The court said that there is a balancing public interest defence against deletion, especially if the individual is involved in public life – but how can the search provider know for sure?
The court also said that the existing EU directive on privacy from 1995 already contains a right to be forgotten. Do you think that Canadian law – PIPEDA or the provincial equivalents – also offers such a right?
Does it make a difference that the websites found through the Google links have not been required to delete the content that the plaintiff in this case found objectionable. Are we going back to ‘practical obscurity’? Or will people just have to find search providers not so subject to EU law (or Canadian, if the right is in our law too)?
Lots of opinions, pro and con, here. One commentator says that claims of impending disaster for search engines should be viewed with ‘icy scepticism’…
What would, or should, a Canadian court do?
It seems a strange conclusion, that the original material can stay up, a republication can stay up (for now, but see below), but that a link to the publication must be taken down.
The wording suggests that anyone “processing” the information, such as to create a search-results page, should be required to take it down on request. If that is the case, newspaper sites could be named in a future suit, then the newspapers themselves, any court-report sites, then Lexis Nexis for writing summaries, then Westlaw for publishing a looseleaf and so on.
On the face of it, we’re looking at an example of terrible public policy. We already have decent protection against obsolete or incorrect legal information through specific court orders, youth courts and pardons, and need this overarching invention of the EU like we need a legal requirement to forget the criminal behaviour of a certain railroad running through Quebec…
A followup from the UK: Ross Anderson (Cambridge) looked at credit reporting agencies, found they were now “data controllers” under this interpretation and are subject to takedown requests. See http://www.lightbluetouchpaper.org/2014/05/15/small-earthquake-not-many-dead-yet
This allowed him to inform the UK Information commissioner that bad practice by the agencies was back on his plate again…
He ends with “I wonder what other information intermediaries will now have to revise their business models?”
Is LN an intermediary in the UK, I wonder?