One of the most interesting questions in European tech privacy circles right now is about territoriality and the so-called “right to be forgotten” — when an EU citizen requests the delisting of a piece of information about them from Google’s search results, should it apply only in Europe or around the world?
On Thursday Andrus Ansip, the EU vice president in charge of the digital single market, said the delisting should apply globally. He gave this as his personal opinion — he has no say in the matter — but that opinion comes down on the side of Europe’s data protection regulators, who fear that limited implementation is too easily circumvented by visiting non-European versions of Google. Google’s expert advisors have almost unanimously taken the opposing view, arguing that Europe has no right to impose its privacy laws on the rest of the world.
Whose law is it anyway?
Here’s what Ansip said during a round-table Q&A session at the Google-sponsored Startup Europe Summit in Berlin:
Everybody has to respect a decision made by the courts. This right to be forgotten is not just based on a decision of court, but a court decision based on EU legislation. [It is] not a new principle. I think if a decision is made [and the] court case is closed, then it covers the whole company, not just some territories, but this is my personal view in this case.
The decision in question was made last year by the Court of Justice of the European Union, the EU’s highest court, in a case involving a Spanish man who wanted to remove from Google’s results an old news article about his long-ago debt problems. The CJEU’s decision set a new precedent by saying EU data protection law, which allows people to request the erasure of out-of-date information about themselves in limited circumstances, applied to search engines.
The question of how far its implementation should extend touches on a fundamental conundrum about the internet — countries need to be able to apply their laws online as they do offline, but the onlne layer’s lack of inherent borders makes that difficult to do effectively. If countries can impose their laws on the world, that means what internet users see can be affected by the laws of multiple countries at once, and not just their own.
Data protection and net neutrality
Ansip also touched on the issue of Europe’s tough new data protection laws, which he wants to get through the Council stage (i.e. final approval by the member states) by the end of this year. This legislative package would massively boost online privacy rights, providing a right to the erasure of personal data and allowing for much harsher fines on companies from anywhere in the world that mishandle the data of European citizens.
The vice president said he said he was against watering down the new privacy rules in order to strike a compromise: “I don’t think we have to protect everybody’s privacy, everybody’s personal data just because of some kind of directive or agencies that are asking to do that. To protect privacy, to protect data is a must.”
On the subject of net neutrality, which is part of a separate legislative package that’s also being finalized with member states, Ansip appeared a little less clear. Having earlier in the day maintained in an on-stage session that some kinds of web traffic may require prioritization over others, and having then insisted that “similar traffic has to be treated equally”, he went on to suggest during the round-table Q&A that “if we make tough standards then we will not leave space for innovations”.
It is very difficult to tell at this stage where he might compromise with the Council, some members of whom are more keen on loose principles than tight, enforceable net neutrality rules. He said on Thursday that it was important to reach consensus so as to give predictability to network investors and startups alike, and noted (in what seems to be an approving tone) that the latest Council proposals were “pretty close to the Commission’s proposal”.
The Commission’s proposal – the first draft of Europe’s incoming net neutrality law — was heavily toughened up by the European Parliament before it went to the Council, through the addition of strong definitions that precluded the possibility of prioritizing specific services over others. Where the final compromise will lie remains a mystery for now.