It isn’t easy to implement the European Court of Justice’s right to be forgotten decision. According to one press report, Google has received 70,000 requests for link removal through its online form since the program went into effect last month. Another report says requests to remove links are arriving at an estimated rate of one every seven seconds. As predicted here after the court’s decision in May, the results are not pretty. But the fault is not in implementation but in the flawed underlying decision that restricts free expression and puts substantial legal discretion in the hands of search engines.
Let’s recall how extreme the decision was. It said that under European law privacy trumps free expression in the context of Internet search. The right to respect for private life and the right to the protection of personal data “override, as a rule, not only the economic interest of the operator of the search engine but also the interest of the general public in finding that information upon a search relating to the data subject’s name.” There can be an exception to this general rule: “…for particular reasons, such as the role played by the data subject in public life, that the interference with his fundamental rights is justified by the preponderant interest of the general public in having, on account of inclusion in the list of results, access to the information in question.”
The court’s standard for determining whether privacy interests are implicated was whether the information was “inadequate, irrelevant or no longer relevant, or excessive…” The court added that triggering privacy interests did not require a finding that “the inclusion of the information in question in that list causes prejudice to the data subject.” So what would trigger privacy interests? To say the court’s guidance is extraordinarily vague is an understatement.
Given the court’s reference to search engines in making access to information “appreciably easier” and playing “a decisive role” in the dissemination of information on the Internet, it is hard to avoid the conclusion that the intent of the court was to limit the effective dissemination of information on the Internet. But it did so by granting discretion to search engines to make some delicate value judgments and without specific guidance on how to make those judgments.
So how’s the implementation going? Certainly Google hasn’t done everything right. Taking down some links and then apparently restoring them certainly seems to be a misstep. But on the whole they’ve done a pretty balanced job. They are requiring the filing of a request, including a statement on why release of the information would not be in the public interest. There is no indication that they are granting all requests or turning all requests down. They notify the publisher of the links removed from search results, but they do not reveal the identity of the person requesting the take down, since this would reveal the information that the data subject was trying to conceal. They are following the law by limiting take down’s to EU citizens and to EU search results rather than extend the EU regime to the world.
Some commenters suggest that search engines are granting too many deletion requests and should instead routinely decline them all – which would force the data subjects to go data protection authorities or the courts to get links removed. [Read more...]