Google and other search engines should remove links to out-of-date or unwelcome personal information from all of their search results around the world – not just in specific European countries – when people in Europe ask for them to be taken down and there’s no good reason not to, EU data protection officials have decided.
It remains to be seen how [company]Google[/company], [company]Microsoft[/company] and other international search providers will react to the guidelines decided on Wednesday by the Article 29 Working Party, a group of data protection regulators from across the European Union, regarding the application of the so-called “right to be de-linked.” I think applying the EU right to the likes of Google.com is a terrible idea and will explain why in a moment, after a refresher on the background to the matter.
It’s important to note that, while the regulators are central to the process of figuring out the meaning of the right and applying it, they can do little more than fine the companies for non-compliance. Apart from some disingenuous spinning, Google has so far mostly shown good faith in trying to apply the right as instructed.
The right to be de-linked (sometimes inaccurately called the right to be forgotten) was established in a ruling by Europe’s top court earlier this year. It is not a new law, but rather a confirmation that existing privacy laws also apply to search engines. Since that May decision, Google — the most affected search engine, with over 90 percent market share in Europe — and others have been trying to figure out how best to apply it.
The Court of Justice of the European Union (CJEU) ruling is not supposed to be used to remove information that is in the public interest, so in theory it should not permit people to have news articles about their wicked deeds de-linked. However, its application has been patchy and news organizations have enthusiastically highlighted instances where it amounts to unjustifiable censorship.
On the other hand, the right has also been used by, for example, rape victims to obscure online references that name them as such – references that might be among the first links to come up if people search for their names. This is a deeply complex issue. It’s also a European issue.
On Wednesday the Article 29 Working Party agreed on guidelines for how to apply the ruling. As part of those guidelines, to be released soon, search engines would need to apply the link takedowns to all their websites, such as Google.com. So far, de-linking only affects Google’s European domains. It is of course easy to work around such restrictions by using another Google domain.
Isabelle Falque-Pierrotin, the chair of the group, was quoted by the Wall Street Journal as saying wider de-linking was needed to uphold the court’s desire for an effective remedy. “These decisions should not be easily circumvented by anyone,” she said.
The group said that EU law gives everyone a right to data protection, but in practice regulators would focus on cases where there is a clear link between the data subject and the EU, such as residency or citizenship. The links do not have to disappear altogether — just for searches that are based on the subject’s name.
According to the Register, another guideline states that search engines don’t need to tell webmasters when they are de-linking content from their sites.
“We haven’t yet seen the Article 29 Working Party’s guidelines, but we will study them carefully when they’re published,” a Google spokesperson said via email.
I can understand Falque-Pierrotin’s logic, but even I — someone who finds value in the concept of the right to be de-linked — think this is an awful decision.
It’s part of a worrying trend, taking place around the world, for local or regional internet-related rules to apply everywhere. Again, it is understandable why regulators want to do this – the internet is a global medium, and it’s near-impossible to geographically limit effective regulation – but the result is layers of overlapping jurisdictions.
The U.S. arguably started all this with its DMCA copyright system, which means I cannot see in Germany something that Google has de-linked — across all its domains around the world — due to U.S. copyright law. The recent U.K. DRIP Act forces web service providers, no matter where they are based, to store information on their British users and offer it up for perusal by British spies and law enforcement.
Why then should China not be able to censor content about the Tiananmen Square protests in the U.S. or Germany? Sure, those countries have stronger free speech laws, but someone in China might see this content (if they can get around the Great Firewall). Why should Russia not be able to demand that widely read bloggers around the world avoid obscene language, as they’re supposed to in Russia? After all, those bloggers can be read in Russia too.
I’ve grappled with this conundrum before and I still don’t know what the answer is. As far as I can tell, no one else has figured it out, either.
Countries have to be able to apply their national laws online as they do offline – the two are intertwined now – but it cannot be the case that national or regional laws are pushed onto other countries as well. Both Europe and the U.S. believe in free speech and privacy, but Europe gives more weight to privacy and the U.S. sees free speech as non-negotiable. Neither should mess with the other’s chosen balance of rights.
Americans are going to hit the roof over the suggestion that a European court can override their precious First Amendment, and I really cannot blame them. It’s wrong.
This article was updated at 10.20am PT to add Google’s comment and to note that de-linking currently affects all of Google’s EU domains and is not executed on a country-specific basis.