back to article Google ECJ case: No commish, it means we don't need right-to-be-forgotten rewrite

Brussels' Justice Commissioner Viviane Reding claimed that today's EU Court of Justice's landmark search engine case, which stunned Google, served as a "strong tailwind" for her draft rewrite of the 28-member state bloc's 19-year-old data protection rules. But is she being a little optimistic? As I noted earlier today, the …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Data is no longer stored on a server?

    Wow, what have I missed? This is amazing news!

  2. fishman

    Who owns the data?

    "Reding argued, following the judgment:

    The data belongs to the individual, not to the company. And unless there is a good reason to retain this data, an individual should be empowered by law to request erasure of this data."

    So, if a Mr. X does something to me, and I blog about it, I don't own my account of what happened - Mr. X can demand that it be removed from search engines, etc? It sounds like a form of government enforced censorship.

    1. big_D Silver badge

      Re: Who owns the data?

      If you identify him by name and don't get a waiver from him, yes he can.

      Certified press is different, I believe.

      But a normal person or business cannot give out any personally identifiable information about a third party (name, address, telephone number, email address etc.) without that third parties explicit permission.

      Heck there are even strict rules on what you can do with PII within your own 4 walls - you can't for example plough through your CRM database and extract all the email addresses and put them in your own newsletter feed, they have to opt in to that; that isn't Data Protection directly, but is loosly related and falls into the purview of a company's Data Protection Officer.

      For example, PII has to be restricted within a company that only those that need to see the information to perform their job can access that information; no other employee is allowed to see that data - for example testing changes to your internal CRM database, the developer cannot see live data, all test data must be anonymised first. And "doing their job" is also strictly controlled under the DPA, a customer service rep, for example, cannot see into your last invoice when you call them, unless you first give them permission - Telekom / T-Mobile in Germany won't even let them look at the data then, you can't tell them over the phone that they can look at it, you have to send them a copy of the invoice!

      1. DaLo

        Re: Who owns the data?

        So much wrong information in that post, that I wouldn't know where to start. It is comments like this that end up with service personnel stating "can't, data protection innit".

        1. big_D Silver badge

          Re: Who owns the data?

          @DaLo as a Data Protection Officer in Germany, those are the rules that we have to abide by...

          1. Intractable Potsherd

            Re: Who owns the data?

            @big_D: are you claiming that, in Germany, a private individual, cannot send a letter (envelope contains PII by your definition) to someone who has not expressly said they wish to receive it? Or that someone cannot send out a group email to members of a club they all belong to unless it is channelled through one of the committee who holds a list of approved addresses? What about contacting someone I briefly met at a conference who I look up and then call, write to or email?

            Based on work I have done regarding the Data Protection Directive and its implementation throughout the EU, it seems to me that the rules you are working to are significantly over-the-top. The DPD does not require anything close to what you have described, and it is hard to see how those rules are even close to workable.

            1. big_D Silver badge

              Re: Who owns the data?

              As a private individual, it isn't as strict, privately, but at work or in a club, yes. If the member of a club hasn't given permission, then no, you can't send him a newletter type mail. If they have given you their email address, you can converse with them.

              Electronically you cannot give out their personal details without their permission - in business or club etc. Likewise a company cannot sell on the data to another entity without permission. As I said above, you can't even use the details internally to add them to a mailing list.

              Within the company you must ensure that the data is kept on a need to know basis. If the PII doesn't belong to the job function, you don't get to see it. This is why things like invoices aren't available to support desk workers etc.The same goes for financial information about customers etc.

          2. DaLo

            Re: Who owns the data?

            I am not one to say what is specific by law in Germany as you did not state that what you were quoting was specific to Germany and I am not inclined to look up German Law but stating the DPA on The Register you would expect it would apply to the UK Data Protection Act which makes your points definitely not apply under UK Data Protection Laws.

            For instance in the UK you are quite welcome to e-mail your CRM databases your newsletter if they have a relationship with you, without their explicit permission. You are not allowed to buy in databases from elsewhere for potential leads for non-business individuals unless they have given consent though.

            You can also identify someone by name quite readily without "a waiver" under many circumstances and use personally identifiable information without a waiver. For instance if someone sent in a letter of recommendation saying how great your company was, you could pin it up on your wall in the reception without needing to ask explicit permission. It would be polite to ask but not necessary by law.

            1. big_D Silver badge

              Re: Who owns the data?

              Yes, the German DPA are a lot more protective of the individual than the UK DPA, it is one of, if not the, most restrictive in Europe.

              That probably explains why the commentators in the UK are saying that it is overblown and other parts of Europe are going, 'well, duh'.

  3. frank ly

    Yes but

    "The data belongs to the individual, not to the company."

    In the case against Google, the data was a newspaper report (belonging to the Spanish newspaper) of a court case in Spain and is therefore a matter of public record throughout the EU. There is some very woolly thinking and strange arguments being bandied around in this area.

    The 'right to be forgotten' should be about personal photographs and early attempts at poetry, not court cases that you now find embarassing.

    1. Dave Bell

      Re: Yes but

      In English Law (I don't know about Scotland) there is the concept of the "spent conviction". After sufficient time a conviction ceases to be on public record.

      It might still have been in a newspaper report. lost in microfilm records in a local archive or the newspaper office, but getting from you to the record is hard.

      Now newspapers are being digitised, and you can read a newspaper in Australia over the internet. And then you find a story of the vicar in the village where your father grew up.

      Maybe some Australian is reading about my father's one conviction, some fifty years ago. He'll find mention of a right troublesome family, who had a Council House within fifty yards of the local Police Constable.

      It doesn't matter to me. It might matter to one of the other people mention by name in a newspaper report. But how can there be any controls if they do not apply to Google and their like?

      Or should I have left the text, garbled by OCR of old newsprint. I and my father knew and remembered enough to clean it up. My father is dead now. but should I have let his stories die with him?

      But what do I want to see published about me? And if Google can spew my life over the world, lets see all the tales of what those Bullindon laddies were doing.

      I visited Oxford occasionally in those days. And friends said I was good at looming.

      I think I might have done more than loom if I had run into that mob.

      1. Anonymous Coward
        Anonymous Coward

        Re: Yes but

        The thing is that newspaper themselves are online now. Is the ECJ saying that the newspapers own (searchable) archives must delete stories even if they're true? Is that okay just because the story is no longer "lost in microfilm records in a local archive or the newspaper office"? I don' t bloody think so.

        It's a crazy, stupid ruling by morons in fancy dress trying to drum up more work for their mates in the legal industry. These same knobheads will be the ones arbitrarily deciding that this fact is historically valuable and that one isn't and since they're the top of the legal tree in Europe there's nothingyou can do about their decisions.

      2. Intractable Potsherd

        Re: Yes but

        The thing with newspaper archives is that they have *always" had this kind of information available. There has never been a process by which a notice went out for all copies of a certain edition to be censored of the details of details pertaining to a crime, or anything else. This is good, because they are a historical record, and nothing should be deleted from them. Let's face it, if this is taken to its logical extreme, court reports will have to be destroyed after the spending of a conviction - they are all online these days. It's going to make the UK's doctrine of precedent really difficult to maintain, but hey, it's a small price to pay for having "the right to be forgotten"!

        There needs to be some sensible discussion about this, not driven by a bunch of idiots so embarrassed about what they did that they want to forget it all. There are some arguable cases where being able to vanish is something to be allowed, but being able to rewrite (or completely remove) history to soothe wounded pride doesn't fall into that category.

    2. Anonymous Coward
      Anonymous Coward

      Re: Yes but

      > not court cases that you now find embarassing.

      According to your own account, the case is about a newspaper report of a court case, not the case itself.

  4. Smoking Man

    Google, rest assured, TTIP is going to fix all of that for you.

  5. photobod

    Pointless posturing

    "We should look to better understand each other and our respective laws rather than unpicking enduring principles and introducing an entirely new, and quite possibly impractical regulatory framework."


    It's an EU ruling. Ignoring any discussion of the merits or otherwise of the idea, it's little trouble to find information stored outside EU jurisdiction, even if it is blocked within Europe.

  6. Julian Bond

    I've been on the other end of this as sysadmin for a social network and had to deal with requests for allegedly libelous content too be removed that was posted by 3rd parties on our site and then indexed by Google. I don't believe this is Google's problem but rather that of the source and hosting site.

    If somebody wants something removed they should inform the site hosting the information. The host should remove it, return a 404 with no index and no follow for that URI and then request a re-index of that page from google and other indexing sites that they allow via robots.txt. That includes

    The Internet Archive raises the issue of cached copies. This should also be dealt with via the 404-noindex-nofollow. Good caches should always respect the 404 and delete their cached copy.

    This approach recognises that a piece of data on a URI may be copied repeatedly all over the web not just by search engines or by some future technology that makes that data visible. There needs to be a protocol for saying "It's gone as if it never existed". And sure enough, there is. It's 404.

    There is a problem though that perhaps this EU ruling deals with. It's not normally possible for a 3rd party to tell Google to re-index a URI where they're not the webadmin as recognised for Google's webadmin tools. The source may have disappeared and 404 but google still has a record. It should be possible for the courts or a private individual via the courts to force Google to re-index that URI.

  7. Version 1.0 Silver badge

    Dear Google...

    My name is Adolph ... and that little business in 1939 with Poland, can we forget about that too please? The EU says that I have the right to be forgotten.

    1. AndrueC Silver badge
      Big Brother

      Re: Dear Google...

      My name is Adolph ... and that little business in 1939 with Poland, can we forget about that too please

      Well you've already forgotten how to spell your own name so that's a start :)

  8. Chris_B

    The truth is still out there

    Please correct me if I'm wrong but just deleting something from a search engine doesn't actually remove it from the source. So, it's still out there in the Interwebs ready to be found again later.

    Also, does this just apply to the EU? So if I search on a US site or a Russin one for that matter will I still find the offending material ?

    1. Anonymous Coward
      Anonymous Coward

      Re: The truth is still out there

      well if it isn't linked to by search engines for the most part it may aswell not exist for the majority of people.

      Already there seem to be a number of interesting requests for having information removed according to the beeb, a paedophile that wants links to his trial / case / etc removed from the internet and a politician that wants links to naughty things he's said removed.

      I'm sure there will be many more exciting things, a bit like ukip trying to bully twitter users into not highlighting their policies...

  9. Charlie Boy

    MIssing the point

    I happen to agree with the judgement, and feel it's been careful in what it does and doesn't say.

    From my understanding, the judgement deliberately only applies to Search engines and not the source, this is so that the original information is not deleted, edited or censored in any way. What the judgement does say is that the search engine can no longer link to the original information, thereby protecting the privacy of the relevant individual.

    As compromises go I think this is about the best we can do in terms of having a free uncensored internet and individual privacy.

    What really annoys me about the likes of Google and Wikipedia, from their post judgement statements, and their pervious actions, is there belief that they and everyone on the internet has the right to every bit of information about you, and you have no right to privacy. This is wrong, and luckily the ECJ recognises our individual right to privacy.

This topic is closed for new posts.

Other stories you might like