This is just the start of the inevitable slippery slope: the initial censorship doesn't work (and it never can, because information wants to be free), so they broaden, widen, deepen it. Then since it is still trivial to circumvent by technical means they add laws to try and restrict technical circumvention of the censorship. Then as loopholes are found in the laws against circumvention they have to broaden and deepen those. Soon it is illegal just to know things, to tell people basic knowledge of how to do things. And thus the only viable end point is totalitarianism. There's really no in between - if you want "free speech" at all you have to take all of it or none of it.
Information doesn't want anything. There may be a statistical tendency of information to propagate, but it seems to me that the only people who want information to want to be free are those advancing an agenda with a catchy slogan.
Further, the only viable endpoint is not totalitarianism-- one can argue about where on the spectrum we stand today, or might be in the future, but in the US we try to strike a balance. Unless you support being able to use whichever country's version of Google that permits things like searching for identity theft, illicit pornography, etc., it seems like we're OK with at least some restrictions on speech.
Assuming we accept the EU has the authority to pass such a law, then so long as Google wishes to operate within their jurisdiction, it seems fair that it abides by the law, vis., "deleting data as requested", not "make data inaccessible to those who cannot execute a second Google search on how to subvert the restrictions".
I'm not sure what you mean by "search for identity theft", but once Google starts accepting requests for banning any content objectionable in any corner of the world worldwide, a mere picture of a woman with her face not hidden by a burqa would be "illicit pornography". You'd say it's too much, but we need to strike a balance between your desires and religious feelings of people in Sudan, Syria and Iran, don't we? And when you're trying to "strike the balance" by trampling on rights, the ones who cry the loudest - i.e. fanatics - will always win, unless there's a strong and impenetrable barrier that they can not overcome. Like the First Amendment in the US, which, despite all efforts, is still standing. But Europe doesn't have it, and there bans on information and suppression of unpopular expression is the norm. This is just one more example of their descent.
Seems disproportionate to me. So much goes in my name and it would be a huge pain in the ass to change it just because a high ranking search result maybe is some stupid forum post by someone else from 10 years ago and the person who ran is not reachable and it's hosted in a different country.
The US adopted the English legal system, and changing your name is easy as pie. Mexico adopted the French and Spanish legal systems and changing your name is damn near impossible (from what I hear). I figure that's a feature of those legal systems (and their associated legal cultures), not the US and Mexico.
That's a very bad title. What the article states is that the EU would like those users that want to be forgotten to be forgotten from all google servers, not just from the servers in the EU. So it's not the EU pushing for the right to be forgotten to be extended to the citizens of all countries.
> So it's not the EU pushing for the right to be forgotten to be extended to the citizens of all countries.
It may be a bad title, probably for the purpose of link baiting, but the article itself isn't completely wrong assuming the EU desire is ultimately to gain control over what information is retained for EU citizens. It's possible this is merely speculation.
Personally, if the EU wishes to extend this limit themselves, then they should block access to US search engines from within EU member states. That's entirely within their right to do and it's a whole lot easier than upsetting everyone else who doesn't want to play by the same rules (and negates the need for extending treaties and the likes).
At its most extreme, I'm humored a bit by the prospect of what this sort of precedent would set for future demands made by North Korea.
I am not sure why "to be forgotten" is a right in first place. The kind of thuggery that Steve Jobs did to keep our salaries low should be forgotten by society few years down the line ?
This is going to be a big problem for multinational corporations like Google and Microsoft in the coming years. In order to do business in Country X, they'll have to censor all information that is objectionable to the citizens of X, even when citizens of other countries are trying to access it.
Google pulled its Chinese version a few years ago, redirecting users to the Hong Kong version instead. But Google only had a small stake in the Chinese market when it did that. It can't pull the same trick with the EU. It needs to sell ads in the EU, and you can't sell ads in a country while openly violating its laws.
Why doesn't the EU take issue with the fact that, for example, the Internet Archive probably has copies of every page that EU citizens want censored? Well, to begin with, few people even know about the Internet Archive. But even more importantly, the Internet Archive has no presence whatsoever in the EU. It's a US charity with US servers. So although it will never be able to get away with hosting content that violates American law, it doesn't need to give a flying fuck about EU law, Thai law, Russian law, or whatever. Oh, the Saudis want to censor images of women driving cars? Feel free to arrest our Chairman if he ever visits Saudi Arabia.
I think this is exactly why keeping the flow of information distributed is so important to keeping it open. Different countries want to censor different kinds of information, so the union of censored information is huge, but the intersection is very small. If we become dependent on a few multinational corporations to access information, we'll end up suffering the union of every censorship regime in the world (or at least the union of regimes where those corporations do business in). But if we keep the flow of information distributed, only the intersection need be censored.
What are the specific parts of their reasoning about the consequences that you find fault with?
I'm actually quite impressed that they're not falling for the non-existent technological obstacles that have been put in place here to side-step the law, for a change the EU court actually seems to be on the ball.
Because "The right to be forgotten" is just doublespeak for censorship. Politicians are using it to hide an unsavory past. Businesses will use it to cover up past wrongdoings. I'm not just exaggerating, this is already happening now with the current implementation.
Of course it isn't. That right applies to any citizen, not just to politicians, and besides, the newspaper morgues are not so forgetful. Also, for 'public figures' the standards are different and they probably will be only very partially successful in this. The Streisand effect will nicely counteract any attempt to be 'forgotten' for those who are extra deserving of being remembered.
>and besides, the newspaper morgues are not so forgetful
So how can such a double standard possibly be justified? How can google be forced to delete things from the servers, but newspaper archives can't be forced to burn their material?
Newspaper archives do not vacuum up random facts about random citizens, they don't build mile-long profiles, they store articles about events that were considered news-worthy by some newsdesk. Automated collation of data and journalism are not even remotely similar processes.
What I find interesting is how everybody is focusing on Google here, when the real focus should be not on how this system could be abused but why it exists and who it could benefit. And that gives a completely different picture. But it's late here (3 am) and I'm off to bed.
Perhaps you haven't seen how the "right to be forgotten" thing is being used in practice. It's not used to take down "random facts about random citizens". It's used by public figures in positions of authority to hide their wrongdoings.
They're not taking down "automated collections of data", they are taking down links to newspaper articles. The exact same articles that are in the archives.
The focus SHOULD be on how the system IS abused because the costs of the abuse vastly outsize any potential benefits.
> Newspaper archives do not vacuum up random facts about random citizens, they don't build mile-long profiles, they store articles about events that were considered news-worthy by some newsdesk.
Funny thing is that the case that brought this ruling is about forcing Google to delete any mention to a newspaper article and nothing about the article in itself
Streisand effect can only exist when the speech is free. When EU can ban any mention of a politician being embroiled in a juicy scandal 10 years ago, how would you disseminate this information? Only at great risk to yourself. This is not what should be happening in a free country, but apparently EU doesn't really need all the troubles of being free countries, their politicians are completely fine to deny their citizens the right of free speech. It's safer for them this way.
The EU can not ban any such mention, you are completely misrepresenting the intent and the actual use of these laws.
Free speech American Style is American, the EU is different, whether better or worse is not for me to decide but it is the law of the land and as such it should be respected by corporations operating there.
The EU is concerned with privacy here, you are concerned with censorship, those are not the same concepts and they are not addressed by the same mechanisms.
The fact that in some EU countries (ex) politicians hold large stakes in media conglomerates and can manipulate public opinion is a much bigger source for worry than that some politician embroiled in a juicy scandal would be able to wipe his trail completely. Especially newspapers will take a serious stance against that and it will simply not work.
>>> Especially newspapers will take a serious stance against that and it will simply not work.
Or they won't, as you noticed they are owned by ex-politicians. Or they would, but the law gets passed anyway and what they do? They don't have 1st amendment to appeal to, so they get nothing.
>>> Free speech American Style is American, the EU is different, whether better or worse is not for me to decide
Why not for you? Nobody can prohibit you to think for yourself and decide if having freedom of speech is better or worse than not having it. Not even EU can, at least for now until they didn't invent "right not to be thought of".
I wonder how EU regulators are going to react when, for example, Russian regulators demand that Google remove all links to "inaccurate" (i.e. not Russian propaganda) stories about MH17, worldwide.
It's a fairly natural privacy issue. The EU DPD has some fairly clear rules about automated gathering of information about people, the rules under which you are required to honor requests for reports about that data, to update it if so required and to be deleted at the first request.
Google is side-stepping the reach of the EU by keeping the data on servers outside of the EU but this goes against the spirit of those laws, it is about the citizens not about where the data resides.
Yes, keeping the information available where the EU's jurisdiction doesn't reach subverts the spirit of the EU's laws, but what alternative is there? By that standard, even delivering censored results to all EU IP addresses isn't enough - that's trivially circumvented with a VPN. And if the EU gets to have the spirit of their laws reach worldwide, then so does every other government.
But that way lies madness. Once Google is done censoring every search result that any government objects to (including results governments let their citizens object to), what will be left?
The alternative is pretty simple: google should honour the requests of EU citizens to be forgotten by google, not a limited subset of google.
It's like the copyright battles in reverse, only this time the rights holders are citizens, and it is google playing shell games rather than say allofmp3.
It's not so much against the spirit of those laws, but an attempt by the EU to apply its laws outside the jurisdiction of the sphere of absurdity that is the EU.
This is not at all about "where the data resides", as you claim, because the EU is not attacking the data where it resides -- it leaves that alone, on their original servers -- but instead where the data is indexed.
They could indeed. And if Google had a Thai presence (I don't know if they do) and plan on keeping it then they should probably comply. Pesky problem, nation states that claim they trump corporations.
Those requests have nothing to do with the right to be forgotten under the DPD. Really, censorship and privacy are two totally different issues and the mixture here is not conducive to progress.
This is nonsense. Google isn't making policy decisions about censorship and privacy, nor should they be. Instead, they're assessing when it is and isn't legally risky / expensive to return search result X to a user in country Y. At that level, privacy requirements and censorship requirements are functionally identical.
Just because the EU's legal restrictions are grounded in privacy doesn't mean another jurisdiction's won't be grounded in censorship. Which is one thing if those restrictions apply to search results intended for that jurisdiction and quite another if those restrictions are applied worldwide.
You are still reasoning from Google's viewpoint. There are other viewpoints. Such as citizens of the EU, who have decided to empower the EU with laying down laws dictating what companies can do with their data. If google wishes to continue to operate in Europe then it will have to comply with the law of the land.
Whether that is functionally identical with censorship or not is another debate.
We can have that debate, but it will end in some gray area where a convicted criminal that has served his sentence should probably be able to clear his name in the search engines and where a politician that was caught in some scandal will not be able to do the same (because he was a public figure at the time).
Censorship requests can simply be stonewalled until the company is sued and then the judges can side with Google or the claimant on a case-by-case basis.
Frankly, the only perspective I care about in this mess is mine - that of a non-EU Google user. I'm only reasoning from Google's because I want to understand how these EU regulations are likely to impact me. Now that EU regulators are making it clear they won't be satisified by compliance tailored to their jurisdiction, it's clear that they will. Which is just wrong.
There's no sensible reason for EU regulations to have anything to do with the search results that I (as a non-EU citizen, searching from outside the EU, most likely using entirely non-EU servers, network connections and so on) see. I agree that the EU has the economic and political power to impose these regulations (on Google, Bing, Yahoo, ...). I just think that, even though they can, they shouldn't.
This is exactly the same sort of extraterritorial bullshit that drives the EU (and EU citizens) nuts when the US does it. See, for example, the US government demanding, from Microsoft, the emails of EU citizens stored on EU servers in response to a US search warrant. Or the volumes of requirements (tax monitoring, sanctions compliance and so on) the US imposes on non-US banks even when their only US connection is they sometimes transfer dollars between non-US customers.
EU citizens and EU regulators might care deeply about the "right to be forgotten", but if they think that endorsing and emulating the US's extraterritorial grandstanding in its name is going to be anything but a gigantic net loss for European privacy, they're kidding themselves, at best. Google's response to the "right to be forgotten" has been disappointing and frustrating (though I doubt we'd agree on why). What similarly powerful governments (e.g. US, China, ...) end up doing with the new tools the EU is forging to enforce that right will be terrifying.
Censorship: A nation-state determining what its own populace can read about general world affairs and affairs concerning that governments own actions, inspection and possible redaction of communications between citizens and their access to media (such as books).
Privacy: The right of an individual to govern the whereabouts of the data concerning that particular individual.
Pesky problem, civil liberties that apply to all people regardless of the whims of the government or the majority of its citizens. Free speech is guaranteed by the Universal Declaration of Human Rights.
Note that the concept of 'free speech' the way it is practiced in the United States is not present in EU law.
Arguing that freedom of speech trumps your privacy rights is a rather twisted interpretation of the UDHR, by that interpretation we have no privacy at all, because after all, anything, once uttered by another person immediately becomes 'free speech'.
Your life belongs to you, and so does the data about you, unless you choose to become a public figure (for instance by seeking public office), or you become one through circumstance (for instance because you crash a cruise ship into a rock and capsize it).
In those cases your right to be forgotten is going to be trumped by the rights of the public to be informed.
The issue is not data location. Its that their localized domain for europe does but their international domain does not. Googles argument is their international domain doesn't fall under european jurisdiction.
This is blogspam for the Reuters article it links to, which has neither the inaccurate title nor the speculation (i.e. that blocking based on geo-ip would not be acceptable).
What I really wish someone would explain is why the EU seems to be focusing on Google's indexing of other people's content, rather than the content itself.
Because it's not a privacy issue. Privacy is the red herring. There's already ways to protect your privacy online. Additionally no one wants online privacy. People spend long hours making their facebook page
People make Facebook pages because they think they can control who sees them. Also, different cultures value privacy more than others, because they have more experience with the risks of a lack of privacy.
I suspect that's because no one has access to whatever data has been gathered about them, and so it's hard to draw a mental picture of how that could be (or is) being exploited by corporations which apparently believe that they are above the law.
I understand that HN is on the side of absolute freedom of expression which entails that if anything has been public once, it has a right to stay to public till the dawn of times, so I hardly ever comment on these matters. I'm French, and I definitely do not agree with this opinion.
In 1978, the french government proposed to cross-reference (through digitalization) many of its databases (birth registry, healthcare, retirement fund, driver's license…). It encountered a very strong resistance from the public, mostly because of an news article in one the biggest newspaper (Le Monde) titled "SAFARI [the name of the project]: the hunt for french citizens" (la chasse aux français).
Needless to say that such a system would have been a blessing for the German administration during WW2. It was 1978 and WW2 didn't seem that far away, either your generation or the one of your parents lived during the war. That's how France ended up with a law (Loi Informatique & Libertés) that regulates what one can do with databases storing personal information.
How's that related to the right to be forgotten? Bear with me.
This law (and up to minor differences, the EU directive on the matter), makes explicit what I consider to be a very smart and important idea: "purpose of data" (finalité des données). Basically, before you're authorized to store personal data (like email adresses, names, phone numbers, IP addresses[1]), you have to state what the purpose of this data is (to who and how is another matter, but that's not too difficult).
Also, data should only be stored for a specific amount of time. This duration is determined by the purpose of the data. For example, if you have a database of all the people that used to be registered to your {nodejs,rails,lisp} newsletter but aren't anymore, you cannot keep that data for, say, 10 years. 10 years doesn't make sense given the purpose of your data. Note that if you anonymize the data, you're good to go.
On the other hand, if you have medical data on cutting edge treatment of cancer, you may want to keep the data for 30 years if you need to contact a former patient when you discover longterm side-effect of your drug. And in this case, it's fine.
You may start to see where I'm going. We have basically the same idea in the right to be forgotten. Yes, it impedes freedom of speech as american people think of it. Sure. But, you know, in Europe, we have a different freedom of speech, which also traces back to WW2. I can't go around saying that I hate black people and that I'm a nazi. I'm gonna be fined/thrown in jail for doing that. And a vast majority of Europeans do agree with that. Basically restrictions are nothing that promotes hate/racism and libel (you can't say that somebody's a serial killer before he's convicted for example.)
And you may think I'm backwards, turning away from the blinding beauty of technology (right to be forgotten? that's not how the internet works!). Thinking that Freedom of speech as the US knows it is the way to go everywhere is universalism, pure and simple. So, please remember that countries and people have a history.
Yep, the internet doesn't work that way. And I am aware the I can host my server in some random third world country and get away with mostly whatever I host. Or I can use a tor hidden service. But that's not the point. 99% of these cases will be about data hosted by legitimate businesses, which have a name and address and that will be compelled to remove the data.
In my opinion, the slope isn't that slippery. After all, you'd be hard pressed to consider EU countries as being way too censorshipy (?) — in general, not just when talking about Internet.
And yes, law will always be stupid when you pit it against technology. But unless you advocate total deregulation, it's a matter of how much idiocy you can accept.
Finally, a thought on jurisdiction: european judges consider that they have authority if the intended public is european. So yes, google.es, google.co.uk and such are subject to european law. Wether or not google.com is subject to EU law has not been tested in court (it probably has, but I can't remember any specific case), but even in this case, it would be perfectly acceptable (from the court standpoint) to alter google.com for EU IP addresses and leave it untouched for other addresses. So, no, nobody's gonna tread your freedom.
Ironically, I don't really have an opinion on Freedom of speech (US vs EU). But I find that the EU has struck a nice balance when it comes to that. Knowing that companies must destroy data that has my name attached to it when it's not relevant anymore is very appealing.
In the end, the US and the EU, in this case, disagree on principle, which are like axioms. You can't prove me that one is better (in the general framework of modern civilization, ie, let's say The Universal Declaration of Human Rights, to keep it simple.)
[1] this one is tricky, but this comment is already long enough
But, you know, in Europe, we have a different freedom of speech
I would say Europeans in general have a different understanding of freedom. In the US the concept is usually always you have "the freedom to..." whereas in Europe there is often something more like "the freedom from...". Yes, I realize that you can pretty much write every freedom so it becomes the other, but when you actually think about it and not try to nit pick that's pretty accurate.
In general I feel like in Europe there is not this holy grail of abolute freedom like in the US. It's often limited by personal rights, privacy etc. Americans don't seem to understand that this isn't just the EU on some kind of acid trip, but that Europeans simly have different values.
I'd like to see a European country that tries to censor where its citizens can go, where money determines the outcome of elections and that's not an actual democracy go out and preach to other countries about how 'free speech' is more important and therefore its citizens are more free than those of other countries around it.
Freedom is an absolute in theory only, just about every country in the world loses out on one or more dimensions of it but somehow the US has the general idea that it and it alone is somehow the bastion of freedom.
Well it's not a question of which one is better (although I know where I side on that one), it's a question of whether or not the EU principles will be allowed to extend to servers operated out of the US.
Yeah, I know, but I shamelessly piggybacked on this thread to write a comment I wanted to write for a long time.
Anyway, it's often more a matter of intended public and where the company is registered than a matter of where exactly the servers are.
I think your emphasis on the "purpose of data" is spot on, and I agree that it's very much needed in this age of "big data" when data collected for one purpose can be easily stored, crunched, and used for completely different purposes. The U.S. sorely needs a similar guideline, if not a hard law.
But this has nothing to do with free speech in general. The two issues are orthogonal to each other. They're not "basically the same idea". It's entirely possible for a country to regulate the direct collection, use, and distribution of personal information in one way, while regulating free speech in general in another way.
My phone company's collection of my personal information has little to do with free speech, it's a contractual obligation that they incur in exchange for getting my information. It's just like when Hertz rents me a car and tells me "you can only use this car for 7 days, you can't use it to drive for Uber, and you can't sublet it to other people." Hertz can charge me a hefty fee if I use the car in a way that they disallow. Similarly, I can sue my phone company for damanges (or have the government fine them) if they use my personal information in a way that I disallow. And if the law provides standard rules on what is allowed and what is not, well, that could be convenient for all of us.
On the other hand, if someone publishes embarrassing facts about me on their website without my permission, now that's a matter of free speech, and whether or not I can tell them to delete those posts should depend on how much actual impact those pieces of information are expected to have on my life and the lives of people around me, as well as the potential impact that a system of censorship might have on the general quality of public life in the country. It's probably a good idea to let citizens hide the list of sex toys they bought. It's probably not a good idea to let the President hide the list of bribes he took.
Since these judgments are cultural, reasonable people can disagree about them. In America, flying a Nazi flag doesn't count as a harmful thing, only a disgusting thing. In Germany, due to its unique history, it's considered a very harmful thing. But I don't think this shows any disagreement "on principle". Both agree that harmful speech is not protected; even in America, you can be punished for shouting "Fire!" in a crowded theater. Different cultures simply have different ideas about what is harmful.
Again, this has nothing to do with the usual collection and use of personal information that your excellent "purpose of data" law is concerned with.
Just to make things clear, I agree that these 2 concepts are somewhat orthogonal. But in the history of law in EU, that's how one lead to the other, which was my point. It's the idea that data doesn't exist in vacuum, but is always tied to something or somebody and that the rightful owner has a say on how it's managed.
I agree that these things should be decoupled, though.
As for limits to the right to be forgotten I can't find sources right now, but I'm pretty sure that you can only invoke this right on things related to "private life" (ie not public figures).
What's interesting and disturbing about your comment is that you barely touch on what is supposed to be the whole purpose of the law - privacy. I think you understand that this is all about censorship, but still support it.
