Europe mulls weaker 'right to be forgotten' Google rule

Could cut out heart out of Data Protection Regulation

European ministers are moving in favour of a watered down version of the so-called "right to be forgotten" rules, following discussions on the drafting of the Data Protection Regulation on Friday.

A ruling by the European Court of Justice in May ordered Google to remove links from its search results that went to outdated or irrelevant information.

It has generated huge interest from users asking for information to be effectively de-linked (135,000 requests at last count).

However, even though this right is included in the draft of the new law, most ministers argued for the final inclusion to be a watered-down version of the ECJ ruling.

The UK argued there must be a balance between freedom of expression and the right to be forgotten, and that can only be decided on a case-by-case basis. The Netherlands agreed, and said that it was best left to the courts.

The UK, Germany, the Netherlands and the Czechs all agreed that they want a broader wording than the court ruling gave, and said there was no need to copy the ECJ text into the new law.

Germany's representatives argued that freedom of expression has better protection under current laws. Meanwhile, Estonia argued the Data Protection Regulation wasn't the right place to try to regulate free speech.

Austria said there must be some sort of control as questions of privacy and free speech should not be left to Google.

However, the Council’s legal service intervened to point out that the ECJ ruling effectively said the right to be forgotten trumps free speech, despite national ministers arguing for balance.

In fact, to some extent, the ECJ ruling is treaty law, and the Council can’t really draw up a regulation that goes against that.

Christian Wiese Svanberg a privacy lawyer at Copenhagen-based Plesner law firm, said it was likely some wording about member states having a judicial process would probably make it into the final law. “There are already so many provisions using words like “necessary” and “proportionate” that it should be possible to give member states some room for maneuver, the lawyer said.

However, he added that one area where there is a lot of member state opposition is the application of the right to be forgotten to the public sector. “If they left that out, and just applied it to private companies, a compromise would be reached much sooner,” he said.

As it is, it seems unlikely that the final law will emerge until 2016, despite national leaders promising the regulation by the end of 2015 (at a meeting back in October 2013).

“Things are definitely moving,” said Svanberg, “but based on my experience, they will not reach a position in Council before early 2015. Then they must negotiate with the European Parliament and the Commission. Realistically, that only leaves nine working months to the end of 2015 and although in principle a deal could be reached, it wouldn’t be pretty! More likely they will take their time and come up with something in 2016.”

According to insiders, one of the reasons things are now moving ahead is the recent change in personnel. The former Justice Commissioner Viviane Reding, who proposed the regulation, was unpopular and some members of the council deliberately stalled just to annoy her.

More personnel changes are also on the cards with a new European Commission due to be installed in November. What sort of bearing that will have on negotiations remains to be seen.

Other issues that have been stumbling blocks for the regulation include the “one-stop-shop” principle — a single national data protection authority responsible for all those companies with a head office on its territory. This would put Ireland’s data protection authority in charge of tech giants such as Google and Facebook, something Germany, in particular is not happy about.

However, a so-called “consistency mechanism” might solve this problem, explained Svanberg. “Essentially a souped-up A29 working party or overarching European data protection authority might have the power to hand down binding rulings.”

A second area where there may be room for negotiation is the Data Protection Directive. The Data Protection Regulation, which will have to be implemented word for word by member states, applies to private companies. The directive, however, only applies to law enforcement bodies. Many national governments basically want the directive killed, and it’s possible that the European Parliament will give way on the directive in order to get the regulation passed.

As it stands, the new regulation will apply to non-EU companies as well as European ones if they process EU citizens’ personal data obtained from selling or marketing goods and services to EU citizens. Proposed penalties for non-compliance are a fine of 5 per cent of a company’s annual revenue, or up to €100m. ®

Other stories you might like

  • Google has more reasons why it doesn't like antitrust law that affects Google
    It'll ruin Gmail, claims web ads giant

    Google has a fresh list of reasons why it opposes tech antitrust legislation making its way through Congress but, like others who've expressed discontent, the ad giant's complaints leave out mention of portions of the proposed law that address said gripes.

    The law bill in question is S.2992, the Senate version of the American Innovation and Choice Online Act (AICOA), which is closer than ever to getting votes in the House and Senate, which could see it advanced to President Biden's desk.

    AICOA prohibits tech companies above a certain size from favoring their own products and services over their competitors. It applies to businesses considered "critical trading partners," meaning the company controls access to a platform through which business users reach their customers. Google, Apple, Amazon, and Meta in one way or another seemingly fall under the scope of this US legislation. 

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • Brave Search leaves beta, offers Goggles for filtering, personalizing results
    Freedom or echo chamber?

    Brave Software, maker of a privacy-oriented browser, on Wednesday said its surging search service has exited beta testing while its Goggles search personalization system has entered beta testing.

    Brave Search, which debuted a year ago, has received 2.5 billion search queries since then, apparently, and based on current monthly totals is expected to handle twice as many over the next year. The search service is available in the Brave browser and in other browsers by visiting

    "Since launching one year ago, Brave Search has prioritized independence and innovation in order to give users the privacy they deserve," wrote Josep Pujol, chief of search at Brave. "The web is changing, and our incredible growth shows that there is demand for a new player that puts users first."

    Continue reading

Biting the hand that feeds IT © 1998–2022