In a speech in Lyon, France on Monday, Martine Reicherts, EU Justice Commissioner addressed EU data protection reform and the right to be forgotten ruling issued by the European Court of Justice in May. The ruling gives citizens the ability to request search engine providers such as Google remove links that are incorrect or outdated.
This month the Guardian reported that France has the highest number of requests for link removals under the new ruling. It follows that it’s audience may be particularly interested in the data protection laws going forward.
“They [search engine providers] are trying to use the recent ruling by the European Court of Justice on the right to be forgotten to undermine our reform. They have got it wrong,” Reicherts said. “And I will not let them abuse this crucial ruling to stop us from opening the digital single market for our companies and putting in place stronger protection for our citizens.”
In an effort to comply with the ruling, both Google and Microsoft have created online forms to facilitate these requests. This was prior to search engine providers being invited to address EU Privacy Regulators to create a unified set of guidelines to determine how and which links should be removed.
Companies are also forced to comply with the privacy regulations of other countries. Recently Italy gave Google 18 months to change it’s ways. Standardized data privacy laws across Europe would make it easier for companies to comply.
On Monday the Telegraph reported that over 250,000 requests have been made to Google asking for links to be removed from Google’s European site.
The Lyon audience was reminded that the ruling is not a “super right”, superior to other fundamental rights such as freedom of expression. The courts intention was to have each case assessed to balance the individual’s right to privacy with the public’s right to know.
“In a nutshell: This ruling does not give the all-clear for people or organizations to have content removed from the web simply because they find it inconvenient,” Reicherts said. Another reminder was that the right to be forgotten is not new, it was part of the EU Data Protection Directive from 1995.
One goal of the EU Commission is to have a “true digital single market” under the new data protection rules being developed. “Our reform does just that. It is a market opener. Why? Because it replaces a fragmented and complicated regulatory framework with one clear set of rules,” Reicherts said. “Today businesses are faced with 28 different, often conflicting national laws. Our regulation will establish a single, pan-European law for data protection. One law, not 28.”
A secondary goal of the commission is to restore citizen confidence in data privacy. Spying revelations have created a sense of distrust in the public. New rules aim to give the public more control by creating standards for data portability between service providers. They suggest explicit permission will be required from the owner to access data.
This could impact service providers in other ways. If the EU law requires data portability, services such as Google will no longer be able to hold users to it’s service just because they have no option to transfer photos, documents, etc elsewhere.
He says …”there are four major criteria customers should consider in order to better ensure that customers can migrate away from a provider: not be locked into one service; be able to move data from one provider to another; have access to equivalent software at the new service provider; and to be able to trust the software being used.”
It appears the organization may employ stiffer penalties for non-compliance in the future. Riecherts stated, “People need to see that their rights are enforced in a meaningful way. If a company has broken the rules, this should have serious consequences. Yet so far, the fines European data protection authorities can impose are very low. For giants like Google, they are just pocket money.”