Google Inc. risks a fresh round of criticism after its attempts to apply a court ruling giving citizens the right to be forgotten backfired, Ireland’s data watchdog said ahead of an industry summit with European Union privacy chiefs.
The world’s biggest search engine’s policy of telling media when it had pulled links to some stories has resulted in outlets flagging such articles. That may mean more publicity for a person who had asked for a removal from search results in the first place, said Billy Hawkes, the Irish Data Protection Commissioner.
“The more they do so, it means the media organization republishes the information and so much for the right to be forgotten,” Hawkes said in an interview in Dublin. “There is an issue there.” His comments follow a similar rebuke by Johannes Caspar, the data regulator for the German state of Hamburg.
Jogging memories rather than hiding them is one of the unintended consequences of the top EU court’s surprise ruling that ordered Google and other search engines to take down personal information on request if it’s outdated or irrelevant. Privacy watchdogs from the 28-nation bloc start to grapple today with how to build a more coordinated approach.
At the Brussels meeting, national regulators in the EU’s so-called Article 29 Working Party will hear from search engine providers and plan to agree guidelines in September. The event gives search providers including Google, Microsoft Corp.’s Bing and Yahoo! Inc. the possibility to comment on how they plan to comply with the right-to-be-forgotten ruling, according to Hamburg’s Caspar.
Al Verney, a spokesman for Google in Brussels didn’t immediately respond to a request for comment on the data-privacy meeting. Microsoft declined to speak about the event. Yahoo will be present, said Caroline Macleod-Smith, a spokeswoman for the company.
Google is telling website operators when it removes links from search results on a person’s name that point to their pages. The British Broadcasting Corp.’s website and the Daily Telegraph and Guardian newspapers have flagged stories that they were told would have links cut. Google says it’s trying to be transparent and won’t share details of why it’s taking down links in order to protect a person’s privacy.
While Google triggered rebukes for the way it pulled some search results to articles, Hawkes said the handling of rejections of requests for information to be removed is also fraught with potential pitfalls for search engines and their regulators.
Regulators are also pressing Google to remove links on sites outside Europe, including its main site Google.com, according to two people familar with discussions who asked not to be identified because talks aren’t public. Google.com gets fewer than 5 percent of user searches in Europe, the European Commission has said.
The court ruling “puts the onus on data-protection authorities” which will have to handle appeals over Google’s decisions on removing personal data, Hawkes said. “The more they apply it in the direction of the right to know, the more appeals we will have to deal with,” he said.
People who want certain information to be forgotten don’t have an incentive to appeal a negative decision by a data-protection authority to the courts and draw more attention to their case, Hawkes said.
Irish Data Protection Commissioner Billy Hawkes said, the court ruling “puts the onus on data-protection authorities” which will have to handle appeals over Google’s decisions on removing personal data. “The more they apply it in the direction of the right to know, the more appeals we will have to deal with.”
Getting European watchdogs to agree is “going to be very challenging because throughout Europe there are different views on the degree of privacy a public figure should expect about their private life” and different rules on reporting spent convictions, when a criminal record can’t be mentioned any more, Hawkes said.
By the end of last week, Hawkes said the Irish regulator has received two complaints from the public, seeking to have Mountain View, California-based Google remove search results. The U.K. Information Commissioner’s Office received 12 complaints as of July 16, agency spokesman Greg Jones said July 22.
“Ideally what we want to do is to have some sort of consensus across Europe,” Jones said. “This is how we look to respond, this is how we handle somebody who isn’t happy with our response. It’s a matter of process.”
With U.S. companies such as Facebook Inc., Apple Inc., and LinkedIn Corp. having Ireland as their main European base for data-protection purposes, policing privacy resembles a battle between David and Goliath for thinly staffed agencies in one of the EU’s smallest nations.
Even as Ireland’s light-touch approach to policing Facebook has led to criticism, Hawkes denies that Ireland goes easy on data protection, saying the country is unfairly labeled a data haven because of a separate debate over whether it helps large companies avoid large amounts of tax.
The European Commission said last month that it’s probing Irish tax arrangements with Apple as part of a broader investigation into possible illegal state aid to multinational companies also involving the Netherlands and Luxembourg.
“The assumption is that we will do anything to attract international companies” without any evidence put forward to show where Ireland is deficient in regulating companies, Hawkes said.