In a move that could set a crucial precedent for all service providers, Google pushed back against the expansion of what's become known as the Right to be Forgotten (RTBF) ruling, and refused to comply with a notice issued by French data protection agency Commission Nationale de l’Informatique et des Libertes (CNIL) mandating the company remove links from its domains worldwide (as opposed to removal by country only). “We respectfully disagree with the CNIL’s assertion of global authority on this issue,” said Google Global Privacy Counsel Peter Fleischer.
The order, issued originally by a Parisian court in September 2014 and escalated by CNIL in June, contended that Google’s approach of removing links from only country-specific versions of Google’s websites (such as google.fr) did not sufficiently protect the right to be forgotten. “CNIL considers that in order to be effective, delisting must be carried out on all extensions of the search engine and that the service provided by Google search constitutes a single processing,” it said in a statement on its website.
As we’ve noted, orders like this one are a serious and growing threat to online expression. No individual country should have the ability to inhibit worldwide access to information. Says Google:
“While the right to be forgotten may now be the law in Europe, it is not the law globally. Moreover, there are innumerable examples around the world where content that is declared illegal under the laws of one country, would be deemed legal in others: Thailand criminalizes some speech that is critical of its King, Turkey criminalizes some speech that is critical of Ataturk, and Russia outlaws some speech that is deemed to be ‘gay propaganda.’ If the CNIL’s proposed approach were to be embraced as the standard for Internet regulation, we would find ourselves in a race to the bottom. In the end, the Internet would only be as free as the world’s least free place.”
While Europe's current model for enforcing the right to be forgotten doesn't outlaw content, it does demand that Google remove entries from its search results displayed in response to certain queries. An expectation that any country can impose such requirements on the global internet will inevitably lead to either intermediaries adopting a lowest common denominator for what material is made visible, or tie Internet intermediaries up in enforcing mutually contradictory decisions.
Indeed, across the Atlantic, the highest Constitutional Court in Colombia has illustrated the differences in approach across the world, by refusing to recognize a European-style “derecho al olvido” (right to be forgotten) in that country. In a legal action against El Tiempo, the main newspaper in the country, a Colombian citizen named Gloria argued that her right to a good name and privacy were violated in the publication and subsequent indexing by Google of a newspaper article in which El Tiempo said that she participated in an alleged crime, for which she was never convicted.
Seeking to balance the right to clarify the record and the right to freedom of expression, the court held that the newspaper was not required to remove the article. The court did require the newspaper to update the published information and use “robots.txt” and “metatags” to prevent the indexing of the content by Google due to the particularly serious nature of the crime and the severe personal consequences for Gloria.
The court was very clear on one point: Internet intermediaries, such as Google, are not liable for the content where the damage to fundamental rights were done by third parties, in this case, El Tiempo. Moreover, since this case has the potential to jeopardize the freedom of expression of a media outlet, the Court applied the Inter-American Court of Human Rights’ “permissible limitation test” to assess its potential impact.
The court concluded that ordering a search engine to block results would constitute a form of prior control and turn the search engine into a censor of user-posted content. That, in turn, would undermine guiding principles of Internet architecture: “equal access, non-discrimination and pluralism.”
Too bad the CNIL doesn’t share that view. Nor, it seems, do several other courts. We are seeing more and more “global” takedown orders: in Canada, for example, an appeals court recently upheld a ruling in a trademark case that argued Google had to purge links on Google.com rather than just Google.ca. Such orders are increasingly like to be based on laws that mimic Europe's Right to be Forgotten decision, as other countries, such as Russia, enforce their own interpretation of the principle.
Companies too are beginning to capitalize on the new framework. For example, Spanish company Eliminalia.com has become particularly popular among politicians in Latin America. Over 200 lawmakers have hired the company to help them erase their data across the Internet, and the company has opened an office in Mexico to help globalize their operation.
Europe's model of implementing RTBF, with no judicial overview, no right for publishers to challenge delisting before it is executed, and where private companies like Google are commandeered to act as interpreter and enforcer of an ambiguous legal principle, makes it hard to understand the extent, impact, and justice of these removals.
To develop sound policy responses, we need greater transparency from the service providers who have been entrusted with managing the delisting. The EU Court ruling includes a provision that decisions on requests evaluate the “interest of the public in having access” to the information.
Right now, the public has no real way of knowing how Google, let alone other search engines making these decisions, are making that evaluation. In May, a group of 80 academics called upon Google to provide more information about how it is executing RTBF requests. Currently, Google only provides limited information on the results that have been removed, such as the total number of requests and removals and the sites most impacted, as well as give a blanket disclosure statement that results have been removed at the bottom of a search page. Advocates for the Right to be Forgotten say Google is being selective in its self-reporting, but Europe's data protection authorities have also told the companies that they should not reveal information about their decisions--not even to the original publishers whose work they remove from their results. Both Google and the European data protection authorities have narrow interests in presenting one side of the story of RTBF removals. The public has a right to see the complete picture.
Google’s done the right thing by pushing back against the CNIL. We hope they also press for sharing more info with the public, so that we can have a grounded debate about the real, global, effect of the rise of the Right to be Forgotten.
Share this: || Join EFF