Tech Law

Google Digs In Heels Over Global Expansion of EU’s ‘Right to Be Forgotten’

Google took on French lawyers at the EuropeanUnion Court of Justice this week, in an effort to fend off expansion of the EU’s “right to be forgotten” judgment.

The EU’s attempts to broaden the scope ofthat judgment would be “completely unenvisagable,” andit could result in impositions on the values of different countries around the world, Google argued.

The right to be forgotten directive, which the EU imposed six years ago,allows individuals to request the removal of content from a search engine.

Although details about the actual review process were not disclosed, EU regulators released guidelines in the fall of 2014. However, Google already had removed nearly 1.4 million URLs months earlier. The company has maintained that it accommodated reasonable requests.

Google earlier this year said that it had complied with 43 percent of the 2.4 million requests it received between 2014 and 2017.

One point of disagreement is over the EU’sproposal that delinking requests made by EU citizens beimplemented by Google globally and not be limited to Europeanversions of the search engine. European regulators have called forGoogle to delink the content to prevent circumvention of the law.

Google so far has refused the French Data Protection Agency’s demandto apply the right to be forgotten internationally, which hasresulted in the search company becoming the subject of afour-year-long antitrust investigation.

The French watchdog group, Commission Nationale del’Informatique et des Liberts (CNIL) this week argued before the 15-judge panel that by limiting the delinking to Europe alone, content would be rendered difficult to find, but it would not be removed.

For example, information could be retrieved from non-EU URLs orby using a Virtual Private Network (VPN) tool to conduct the searches, the group noted.

Google is not the only tech company to face fines underthe right to be forgotten law. Yahoo, Microsoft, Facebook and Twitter also have had to comply with requests to be forgotten in the EU.

More EU Regulations on the Way

While Google has been attempting to push back against the right to be forgotten law,regulators in the EU have been pushing for more privacy and dataprotection.

The EU earlier this year implemented the General DataProtection Regulation, which gives consumers greatercontrol of personal data collected by companies online.

The EU recently has been considering rules that would require search engines and social media companies to remove allegedterrorist propaganda from their respective platforms within an hour ofa “competent” authority’s notification.

Europe, which has experienced a rash of terrorist attacks, evidently aims to crack down on the spread of such propaganda online, including its use as a recruiting tool.

In his annual State ofthe Union speech, European Commission President Jean-Claude Junckercalled for the removal of such content as way to reduce the likelihoodof attacks.

Addressing terrorist threats is just one topic in the back-and-forthdiscussions between the European Commission and techcompanies. The companies have emphasized the progress they’ve made in removing extremist content via automated detection technology.

Google, Facebook and other companies have not yet responded to the EU’scalls for action, but given the nature of Juncker’s message, the tech companies may find it difficult to mount opposition. It’s highly unlikely that any of them would characterize stopping terrrorism as an overreach.

“Governments have many rights and powers but only one true unalienableresponsibility — to protect and nurture the citizens that underlie thatgovernment,” said Rob Enderle, principal analyst at the Enderle Group.

“France, in this instance, is stepping up to this responsibility andapplying it broadly as they should,” he told TechNewsWorld.

“Facebook isn’t obligated under the First Amendment freedom of speech,” noted social media consultant Lon Sakfo, “and they aren’t required to print everything every nut-bag has to say.”

Torture videos and worse have been posted online.

“There are just some things that don’t belong on a happy social network,” Safko toldTechNewsWorld.

Is There a Right Way to Be Forgotten?

How this plays out could revolve around the issue ofthe so-called “right” to be forgotten, especially when so much online contentseems to live forever.

Fully addressing the problem could involve much more than enforcing aregulation. Someone, somewhere still could keep the content alive.

“The scope of complying with the EU’s expansion of ‘the right to beforgotten’ is hard to conceive,” said Charles King, principal analystat Pund-IT.

“An inadequate comparison would be to demand that libraries beresponsible for all the information in the books on their shelves, aswell as for removing citations that individuals believe areinaccurate, inappropriate or offensive,” he told TechNewsWorld.

“The fact is that libel laws offer people ways to pursue and policesuch information in hard copy publications, but nothing similar existsfor online content,” King added.

“This goofy scenario could become even more complex and costly ifGoogle and other search companies were required to exert these controlmechanisms on a country-by-country basis according to differingregulations,” he suggested.

“Google has taken a hard-line stand on removing anything from theirindex,” said Safko. “Since the beginning, it has said they are notthe Internet police, and they will not make determinations of whatshould be indexed.”

EU Overreach?

Clearly, the right to be forgotten is not something that easily can be contained within the borders of the EU. Does it follow that regulators in Europe should have a say about what individuals across the world can — or in this case, cannot — see?

“This isn’t only an issue for Google,” said Niles Rowland, director of product development for The Media Trust.

Other tech giants with a global reach also have come under threat from a growing number of EU laws, Rowland told TechNewsWorld.

Google knows it’s being watched closely — not only by regulators, but also byother companies and consumers. It has been treading carefully betweencomplying with EU privacy laws and ensuring that they do not exceed the intended scope and jurisdiction, Rowland pointed out.

“Google is not alone in opposing the expansion. The EU executive arm,human rights activists and others see the potential for abuse byheads of countries with weak democratic traditions,” he added.

“The ‘right to be forgotten’ for the EU is very relevant,” said Laurence Pitt, strategic security director at Juniper Networks.

It “meansthat businesses and individuals have to act as data controllers forthe information that they post to, or host on, the Internet — whetheror not they own it,” he explained.

“Google alone has had hundreds of thousands of individual requests fordata to be removed — the workload for this is huge,” Pitt toldTechNewsWorld.

This is where it gets complicated. Should Google somehow berequired to expand the EU directive globally isn’t feasible, given currentinternational laws.

“It needs to be driven by a global agreement with all countries aroundthe world approving the change,” suggested Pitt. “Otherwise, it’s simplynot workable.”

An Issue of Privacy

One major consideration is whether this is, in fact, simplyabout protecting consumer privacy online — and if so, whether privacy protections should be limited to one continent.

“The request of the EU has some legs. It doesn’t make sense to beforgotten on one version of Google’s search site but not on another,just on the grounds of a different language or a differentgeographical location,” suggested Mounir Hahad, head of Juniper ThreatLabs at Juniper Networks.

“An EU citizen could be traveling to non-EU countries andinadvertently have access to search results that are supposed to befiltered,” he told TechNewsWorld.

For those motivated to find filtered information, a VPNconnection is all it takes, and there are many free ones available.

“Governments have been slow to realize that the digital informationthat describes, constrains and defines it citizens should beprotected as part of this responsibility,” observed Enderle.

“I’ve always thought that, given companies like Google are largely funded by mining and selling this information, they would either be nationalized or constrained,”he added. “More countries in the EU, and eventually the U.S., will follow thisexample.”

How This Will Change Online Business

One of the major concerns being voiced by opponents of the EU’s right to be forgotten and GDPR, is how these regulations could impact online businesses.

Expanding the scope won’t have any substantial impact on the waybusinesses use the Internet, according to Hahad.

“The current situation, if itstands, may indeed push some businesses to bypass EU local searchengine versions in favor of unfiltered ones,” he said. “On the contrary,companies would prefer to apply the same rules across the globe andnot have to deal with local regulations.”

However, there is the view that it still boils down to censorship –even if done for compelling reasons, such as to stop terroristpropaganda, or simply to keep personal information trulypersonal. Governments could determine what actually was fake news, andpotentially even censor content that they found offensive to their positions.

“In such a situation, terrible deeds could be perpetrated without fear ofcensure, repercussion, or even the judgment of history,” said DouglasCrawford, online privacy expert at

These deeds simply would disappear from the public record, Crawfordtold TechNewsWorld.

“Whatever happens, though, the right to be forgotten ruling will havelittle impact on the way business is done in Europe,” he added.

“What will make a difference to Americans doing business in Europe, though, is how and when [Europe] chooses to enforce the Privacy Shield obligations that the U.S. government agreed to in 2016,” Crawford said.

Although the deadline for meeting these obligations has now passed, theEU has yet to respond. Many businesses still could be taking a wait-and-see approach.

“Businesses will likely choose between shifting resources to the lessregulated markets or taking a blanket approach, where the moststringent measures are applied across the board,” said The MediaTrust’s Rowland.

“The blanket approach will most likely be the most frequently used,which will lead to a universal application of the most stringent laws,” he added, “and in short, consolidation rather than fracturing could be theresult.”

The final question may be what right does one region have to enforceits rules on another region that doesn’t want them?

“There hasn’t been any shortage of countries that already try toenforce their own censorship rules locally,” said Crawford, “but thesehave no power to exert their version of reality on the world at large,and thereby permanently change the historical record.”

Peter Suciu

Peter Suciu has been an ECT News Network reporter since 2012. His areas of focus include cybersecurity, mobile phones, displays, streaming media, pay TV and autonomous vehicles. He has written and edited for numerous publications and websites, including Newsweek, Wired and Peter.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Peter Suciu
More in Tech Law

To earn your loyalty as a consumer, how important is it that a brand provides a personalized experience?
Loading ... Loading ...

LinuxInsider Channels