so they are covering a case that has just been decided at the European Court of Human Rights.
This story is in some ways incredibly important but in other ways not likely to happen.
The ruling in the case of between a Spanish man Mario Costeja and the search giant Google was about
old and out of date information the search engine was bringing up about the man.
The ECHR has considered the matter and today they came out with their ruling on the matter. They
ruled in favour of the man and against the giant, David had his day and Goliath has a headache.
The court ruled that the Data Protection Directive, or to use its full name ‘The officially Directive 95/46/EC
on the protection of individuals with regard to the processing of personal data and on the free movement
of such data' applied in this case and so set the precedent for all such cases in Europe.
I belong to the last generation that grew up off line. Despite the best efforts of certain friends of mine to
find and post online photos of me in my teens and twenties my formative years were off line. People thirty
and younger are people who were born into or who spent their formative years during the 21st century and
the information age.
Without thinking about the long term consequences they happily lived their lives online, every deed was
pictured online or posted on social media. Every selfie that was such a laugh at the time is out there in the
digital world where it can be used as evidence of foolishness or criminal action.
Young adults, those from eighteen to twenty five have the last fifteen years of their lives online, to be found
by anyone who has the Google Foo to find them.
Prospective employers who check Facebook pages, credit agencies or banks doing background checks, real
life is now looking at peoples online histories and to them it makes no difference that the person was a
teenager or drunk. Those nude pictures or the drunken games or the pictures with the bong pipe or joint will all
be found.
This is harmful and this is what this ruling is intended to address. To prevent people being harmed by data
about them online, it doesn't matter if they put the information online themselves or not, it is harmful and
the ruling is that it is now wrong to find it.
I mentioned that this is both important and a potential non event.
It is important because this is the first serious attempt to bring legislation up to date in the digital age. There
are a number of ongoing attempts to change laws to reflect the reality of 2014 and the modern internet but
they are slow going. This case is the first major ruling and as such it is important, wrong but important.
Consideration of the ruling seems to be that any person could ask that information be removed if it appeared
to be "inadequate, irrelevant or no longer relevant". The definition of these three terms is open to debate and
will doubtless involve lawyers. A person could decide that some of his online data fits one of those categories
and demand that it be removed or not included in searches.
Queue the non event. It isn’t going to happen. Apart from the fact that the UK has already said NO to this and
it requires all 28 EU countries to ratify it, it is bloody well impossible.
Sorry to burst the bubble of all the people cheering this as a privacy victory, but it cannot be done in the way they are legislating.
This ruling would apply to all 500 million people in Europe and would require that every single item of about
them be individually checked and allowed or not.
Google does not create the data, it uses spiders to crawl all over the web finding references to data, it holds
those references not the data itself. So when you do a Google search and it returns 20 results of embarrassing
details of when you were a teen those sites are not Google. Want that information deleted, then go to the sites
where the information is held.
Blocking a search engine from showing those sites does not make the data go away, it just makes it marginally
harder to find.
Google cannot and will not be able to set up a file for every man, woman and child in Europe containing a list of
every record and reference to them that can or cannot be returned on a search. Given the recent reports of
just how much Google has been cooperating with the security services to spy on us who would be happy with
every search engine company setting up a database of every single piece of data about any of us online.
Talk about a one stop shop for identity theft and abuse.
Google has absolutely no way of knowing what is no longer acceptable so every single person in Europe would
need to search themselves and then go through every item about them and censor it.
Yep I did say Censor because this is what this is.
I understand more than many just how much information about us is out there in the digital nation and how
hard it is to get rid of it, just ask Cameron how well his attempt went. The only, let me repeat that, the ONLY
defence against having embarrassing or damaging stuff about you online is not to put it online. You could
hire a very very good data elimination specialist and have them selectively edit your on line records but that
is about it. For the other 499 million people in Europe, sorry all but tough.
Google or Bing or any other search engine cannot do this, trying would cause chaos and the avalanche of law
suits would destroy search engines. It would mean that no search engine company would allow anyone in
Europe to use them for fear of legal action for violating the Data Protection Directive.
Only by broad category censorship could this even be attempted. Block everything over six months old for
example, but this does not stop just the harmful stuff it will block everything. Also anything younger than
this would get through harmful or not.
So where does this leave the search engines and for that matter where does it leave us.
Facing a very dangerous situation. The search engines will appeal on the grounds that they are not bound by
the directive since they are not holding the information, this is correct, they hold information about the location
of the harmful data and can make the case that it is the responsibility of the entity holding the data to wipe it if
asked. Technically they can make a very good case that they are not in violation of the directive and so the
ruling against them by the ECHR is wrong.
Also most of us cannot afford to legally challenge the search engines who find harmful information about us,
the ones that can are generally the ones with most to hide and the ones that will benefit most from this
censorship.
Business leaders, corporations, politicians. All the people who can be most harmed by the truth about them
are the people who can afford to use this to their benefit. No one else can.
Consider the current time. The European elections are near, the general election is less than a year away. This
ruling creates a situation where Google would have to sensor its search results if any politician felt that old
information about them was harmful. Cameron could legally have all of his old speeches blocked because
they were no longer relevant, you know, the ones where he was recorded making all the promises before
the last election that he then broke.
Think this would not happen, the original case was raised because a bank put an auction notice about a
repossessed house online. The house was for sale and for transparency they listed the house was a repo.
The ex owner claimed that anyone who knew he lived there or checked the previous owner could identify
him and being known as someone who had his house repossessed was harmful to him. Hence the Human
Rights case.
What happens then? If it is illegal to mention online that a house has been repossessed but not off line. Or
can banks and building societies no longer tell the truth, what happens when someone wants full
transparency about a house they wish to buy and are told that due to the human rights of the ex owner it
is secret. What about buying or selling a car or anything else?
Given that the case is built on the truth being revealed about a house and not about the man do you
honestly think that our politicians are not going to try and milk this for all it is worth.
You could always make the case that public interest about public figures trumps the privacy law. Can you
afford the lawyers to challenge those working for the politicians and rich types. If you can then go for it, if
not then expect that politicians will have lawyers claiming that anything they have said or done that was
not a formal interview is private and therefore banned.
Take a photo of a UKIP or BNP meeting and post it online, any person in that photo can then have it
blocked on the grounds that it is against their human rights to be identified as being there. Think this is
unlikely, did you miss UKIP sending the police round to talk to a blogger about posting The Truth about
UKIPs policies.
Those embarrassing comments caught on an open mike, yes those could be banned from the search
engines along with everything else that could be defined as "inadequate, irrelevant or no longer relevant".
When I am talking to people about data security I say the whole point is to not let people know what you
want kept private. Keep your data secret or secure. Never put it out in the open. The core of data security
is never letting it get out into the digital world, once that happens it no longer security, it is now damage
control.
This court case and ruling is all about damage control and it will be a disaster. It will either be applied in such
a way that it benefits only the few and punishes the many or it will be watered down and become meaningless.
If you have secrets don’t put them online or find a Data Elimination Expert and hire them to whitewash your
digital records.
If you cannot manage either, sorry but tough luck.