- CyberCrime Center
May 16, 2014
David Streitfeld, who covers technology for The New York Times, takes an in-depth look at the European Union’s highest court ruling declaring that Google must delete links to a user’s personal information on request. In doing this piece, Streitfeld has interviewed a host of individuals from academia, business et al on both sides of this right to privacy versus the free flow of information debate.
(The following has been edited to fit our format.)
The highest court in the European Union decided on Tuesday that Google must, in some cases, honor requests from its search engine users to delete links to personal information.
Europe’s highest court said on Tuesday that people had the right to influence what the world could learn about them through online searches, a ruling that rejected long-established notions about the free flow of information on the Internet.
A search engine like Google should allow online users to be “forgotten” after a certain time by erasing links to web pages unless there are “particular reasons” not to, the European Court of Justice in Luxembourg said.
The decision underlined the power of search companies to retrieve controversial information while simultaneously placing sharp limits on their ability to do so. It raised the possibility that a Google search could become as cheery — and as one-sided — as a Facebook profile or an About.me page.
Jonathan Zittrain, a law and computer science professor at Harvard, said those who were determined to shape their online personas could in essence have veto power over what they wanted people to know.
“Some will see this as corrupting,” he said. “Others will see it as purifying. I think it’s a bad solution to a very real problem, which is that everything is now on our permanent records.”
The case began in 2009 when Mario Costeja, a lawyer in Spain, objected that entering his name in Google’s search engine led to legal notices that he said were no longer relevant.
In some ways, the court is trying to erase the last 25 years, when people learned to routinely check out online every potential suitor, partner or friend. Under the court’s ruling, information would still exist on websites, court documents and online archives of newspapers, but people would not necessarily know it was there. The decision cannot be appealed.
In the United States, the court’s ruling would clash with the First Amendment. But the decision heightens a growing uneasiness everywhere over the Internet’s ability to persistently define people against their will.
“More and more Internet users want a little of the ephemerality and the forgetfulness of predigital days,” said Viktor Mayer-Schönberger, professor of Internet governance at the Oxford Internet Institute.
Young people, in particular, do not want their drunken pictures to follow them for the next 30 years. “If you’re always tied to the past, it’s difficult to grow, to change,” Mr. Mayer-Schönberger said. “Do we want to go into a world where we largely undo forgetting?”
The court said search engines were not simply dumb pipes, but played an active role as data “controllers,” and must be held accountable for the links they provide. Search engines could be compelled to remove links to certain pages, it said, “even when the publication in itself on those pages is lawful.”
The court also said that a search engine “as a general rule” should place the right to privacy over the right of the public to find information.
Left unclarified was exactly what history remains relevant. Should a businessman be able to expunge a link to his bankruptcy a decade ago? Could a would-be politician get a drunken-driving arrest removed by calling it a youthful folly?
The burden of fulfilling the court’s directives will fall largely on Google, which is by far the dominant search engine in Europe. It has more than 90 percent of the search business in France and Germany.
Google said in a statement that the ruling was “disappointing” and that the company was “very surprised” it differed so much from a preliminary verdict last year that was largely in its favor.
The decision leaves many questions unanswered. Among them is whether information would be dropped only on Google sites in individual countries, or whether it would be also erased from Google.com. Even as Europe has largely erased its internal physical borders, the ruling could impose digital borders.
Another open question is how much effort a search engine should reasonably spend investigating complaints.
“I expect the default action by search engines will be to take down information,” said Orla Lynskey, a lecturer in law at the London School of Economics.
A trade group for information technology companies said the court’s decision posed a threat to free expression.
“This ruling opens the door to large-scale private censorship in Europe,” said James Waterworth, the head of the Brussels office for the Computer and Communications Industry Association, which counts Facebook, Microsoft and Google among its members. “While the ruling likely means to offer protections, our concern is it could also be misused by politicians or others with something to hide.”
That view was echoed by Big Brother Watch, a London-based civil liberties group that was perhaps the first to invoke the specter of Orwell.
“The principle that you have a right to be forgotten is a laudable one, but it was never intended to be a way for people to rewrite history,” said Emma Carr, the organization’s acting director.
Mr. Mayer-Schönberger, the author of “Delete: The Virtue of Forgetting in the Digital Age,” said such concerns were overblown. He said the court was simply affirming what had been standard European practice.
Relatively few people in Europe have had issues with wanting to delete information on the Internet, Mr. Mayer-Schönberger said. “I don’t think this will lead to the end of the Internet as we know it.”
Michael Fertik is chief executive of Reputation.com, which helps people improve their search results into something they find less objectionable. “For the first time, human dignity will get the same treatment online as copyright,” Mr. Fertik said. “It will be protected under the law. That’s a huge deal.” The only loser, he said, was Google. “It no longer gets to profit from your misery.” And perhaps Reputation.com. “This ruling is not necessarily favorable for my business,” he said.
Those who worry that many people might use the ruling to erase information that is detrimental but is [unquestionably] accurate may find support in the case that began it.
ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Bank Fraud, Botnets, Building Trust on the Internet, CNP fraud, Context-Based Authentication, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, European Union, Fraud Prevention, Google Search, Hacking, Identity Spoofing, Identity theft, Malware, Malware Detection, Malware Protection, Man-in-the-Browser Detection, Mobile fraud, Online Fraud, Personal Information, Phishing, Phishing Detection, PII, ThreatMetrix, ThreatMetrix Cybercrime Index, ThreatMetrix Global Trust Intelligence Network, ThreatMetrix Web Fraud Map, Trust Tags, TrustDefender Cybercrime Protection Platform, Web Fraud