Out-Law News 3 min. read
20 Feb 2012, 10:01 am
Peter Fleischer said that the company was "supportive of the principles behind the right to be forgotten" but believes search engines should only have to update search rankings and help facilitate easier faster deletion of content rather than delete the material themselves.
"Search engines serve an important function online, and the right to be forgotten should not interfere with their ability to point consumers to information published elsewhere," Fleischer said in a Google blog.
Search engines should provide "timely" updates to their indexes to reflect when web pages or sites are taken offline and should provide mechanisms for "webmasters to accelerate removal of their site from search results," he said.
Fleischer was assessing the so-called 'right to be forgotten' proposals contained in draft new EU data protection laws published last month by the European Commission.
Under the proposed new regime individuals will be given a qualified 'right to be forgotten' that will generally enable them to force organisations to delete personal data stored about them "without delay". Organisations that have made the data public will be liable for the data published by third parties and will be required to "take all reasonable steps, including technical measures" to inform them to delete the information.
Organisations will be able to oppose the deletion of information if they can show they have a right to publish the data under the fundamental principle of freedom of expression or if it is in the public interest for the data to remain in existence.
Fleischer said that a 'distinction' had to be made between search engines and 'hosting platforms', such as Facebook and Google-owned YouTube. He said that whilst those companies and other web hosts should respond to user requests to delete content, there were legitimate reasons why that deletion should not always be "instantaneous".
"There are practical reasons why some delay should be permitted, for example to prevent the abusive deletion of content when an account has been compromised. Other limits, including legal or contractual obligations, may also legitimately delay deletion in certain circumstances," he said.
Fleischer said that the "practical limits" hosting platforms would face in tracking down copies of information republished elsewhere on the web means that they "cannot be expected to maintain control" over those other copies and be responsible for deleting them. Content hosts should only have to delete material they themselves "store" upon request, he said.
In circumstances where the deletion of content would lead to the security of web hosts' service being undermined or if it would "allow for fraud", those service providers should not have to delete that material, Fleischer said. Deletion should also only occur if the owners of content can be clearly established, he said.
"Hosting platforms cannot be expected to delete materials created collaboratively at the unilateral request of a single contributor. Where a clear ownership of a collaborative document has been assigned, responsibility for deletion should lie with that owner. In cases where ownership of a collaborative document is not clear - as in the case of wikis or usenet posts - the questions are more complex, and a clear solution is not currently obvious," Fleischer said.
The hosts of content should also not be liable for the content of material users publish, the privacy lawyer said. "In the same way postal services are not expected to monitor what is in the letters they carry, internet hosting platforms should not be expected to exercise control over materials published by third parties. Fundamental responsibility for information available online must rest with the party that put that particular copy online, rather than with the hosting platform. This is consistent with the premise of existing European law, namely, the eCommerce Directive".
The E-Commerce Directive protects service providers from liability for material that they neither create nor monitor but simply store or pass on to users of their service. The Directive says that service providers are generally not responsible for the activity of customers and that member states must not put service providers under any obligation to police illegal activity on its service.
Service providers are not liable for infringement via their services if they do not have "actual knowledge" of the illegal activity or having obtained such knowledge "acts expeditiously to remove or to disable access to the information". The Directive is implemented in the UK by the E-Commerce Regulations.
Fleischer said that the responsibility for material posted online "ultimately" falls on those that put it there.
"The fundamental responsibility for information available online must rest with the publisher of that information, rather than with a search engine or other similar intermediary," he said. "Host providers store this information on behalf of the content provider and so have no original right to delete the data. Similarly, search engines index any publicly available information to make it searchable. They too have no direct relationship with the original content. We’re supportive of the principles behind the right to be forgotten - and believe that it’s possible to implement this concept in a way that not only enhances privacy online, but also fosters free expression for all".
