UK Lords slams EU ruling on "right to be forgotten" - Tim Holman in SC UK Magazine

Penetration Testing Experts


A committee sitting in the UK's House of Lords has said that the EU's ruling on the ‘right to be forgotten', which requires companies to delete data on request where appropriate, is ‘unworkable'.

UK Lords slams EU ruling on "right to be forgotten"

The Lords Home Affairs EU Sub-Committee today ruled that the “right to be forgotten” is difficult to implement and that it should not hinge on Google and other search giants deciding which links should be removed from web search results.

The right to be forgotten – a prominent part of the EU's forthcoming General Data Protection Regulation – has essentially been operating pre-law ever since Europe's top court, the European Court of Justice, ruled that “irrelevant or outdated” information should be deleted from online search results in Europe as part of the 1995 data protection directive.

The landmark result was on the back of a court case in Spain where a local man requested that Google remove links to a website showing an auction notice back from 1995. The Silicon Valley tech giant has been busy ever since and told EU regulators last week that it has received 91,000 take-down requests relating to 328,000 links, approving 50 percent of these.

EU regulators have asked the search engine operators to provide more information on how they've implemented the right to be forgotten since the ECJ ruling.

However, the Lord Home Affairs EU Sub-Committee criticised such a ruling in a new report issued earlier today, and also appear to question the data protection reforms being drawn up by the European Council.

On the right to be forgotten, committee chair Usha Prashar said that it was “crystal clear” that both the 1995 directive and ECJ's own interpretation did not properly reflect the “incredible advancement in technology” over the past 20 years. This is summed up by the fact that the ECJ's ruling in the Google Spain case was based on Article 12 of the EU's 1995 directive – which was drawn up three years before the search giant even existed.

Prashar added that smaller search engines lack the resources to carry out take-down requests and also said that it was wrong in principle for them to do this anyway, as they are not the data controller and not liable as “owners” of such information.

“We heard from witnesses how uncomfortable they are with the idea of a commercial company sitting in judgement on issues like that,” Prashar told The Guardian.

The cross-party committee – which reportedly took advice from the Information Commissioner's Office and Lib Dem's justice minister Simon House -also believes people should not have the right to remove links to accurate and lawfully available information if they simply did not like what was being said.

Responding to the news, Tim Holman, CEO of QSA 2-sec and ISSA UK chairman, admitted that there's still a fair amount of confusion over what constitutes a fair request, and how data is pulled in a world split between digital and print, but believes that logistically problems will continue to arise.

“The only way to put regulation in place in practise would be to stop information at the source but that would be like stopping newspapers from going to the publishers. It's not going to work,” Holman told SC, who added that these changes are hinging on an “outdated data protection act.”

Sally Annereau, data protection analyst at legal firm Taylor Wessing, said that these comments can be interpreted as a wider review of the incoming EU General Data Protection Regulation – expected to come into effect in 2015 – but questioned whether the ‘isolated' UK government would have enough clout on its own to negotiate any major changes to the proposed law, given the 28 member states in the European Council.

“If the government is isolated in the negotiation process, will they achieve any change when the regulation comes into practice?” she said.

The RTBF is an ‘easy target' and she says that navigating change is going to be tricky, not only because of print and digital but also because of social media (making things “harder to remove”) and worldwide URL extensions like .com that will be beyond the EU's control.

“This is European law putting itself against a global technology,” she said, adding that a global standard could be required to enforce RTBF changes.

Annereau added that logistical issues could also crop up for the regulators dealing with complaints, with many of these often on small budgets and with limited resources.

This article was first published in the SCUK Magazine on 30th July 2014

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top