Hacker News new | past | comments | ask | show | jobs | submit login
Europe's top court: people have right to be forgotten on Internet (reuters.com)
247 points by kevcampb on May 13, 2014 | hide | past | favorite | 205 comments

What would happen if Britney Spears came along and asked Google and every other search engine to delete everything about her on the internet?

Even if Google went ahead and deleted every link to every story about her today, she would have a new million of articles about her tomorrow (Most likely about the fact that search engines doesn't give any Britney Spears results anymore)

How does this law affect celebrities? Are they considered in the public eye and unprotected? Or are they persons, as well?

Can anyone clarify?

Perhaps Britney Spears is a bad example, as she is a US citizen. What about Till Lindemann, lead vocal of the German Metal band, Rammstein?

Start from existing data protection rules and procedure: http://ico.org.uk/for_organisations/data_protection/the_guid...

"Information made public by the subject" is exempt, even if the subject regrets that disclosure.

There's also exemptions for news reporting and other purposes: http://ico.org.uk/for_organisations/data_protection/the_guid...

(Those references are to UK law, but this area of law is part of EU harmonisation and should therefore be basically the same in most EU countries)

There is an exception for newsgathering but apparently not for linking to news articles. That was the exact circumstance of the case at hand—the newspaper was left out of the appeal but Google was ordered not to link to the newspaper. An odd result.

"Information made public by the subject"

... Isn't that pretty much the whole internet?

No. For instance, email correspondences are not considered public. Or non-public user account information like DOB, SSN, phone numbers, addresses, etc.

And, importantly, browsing history is not considered public. It's actually PII with the right machine learning.

But everything that Google, Facebook, etc. has indexed on you is public information, no?

Or does this law makes it so corporations have to delete everything they have on you?

"Handing to one other organisation in confidence" != "public"

The answer is potentially yes, if you're handling people's information then they have a right to (a) correct it and (b) delete it. You can't just maintain dossiers on people forever without their consent. However, it may be exempt if it's administratively necessary to keep.


(Really you have to look in the caselaw which is harder to find)

It depends on how you're defining "public information." If you define it tautologically as 'information available to the public' then yes, because Google is crawling public datasets, and Facebook serves information to the public. If you define it legally, then it depends on the jurisdiction.

Public information isn't something established by nature, it's something created by statute.


No Britney Spears is a person of public interest, likewise for example politicians. The privacy law has a exception for person of public interest.

I wonder how one defines a person of public interest in the internet age. Obviously Britney Spears qualifies but fame seems to be a sliding scale more than an absolute now.

Fame always was a sliding scale, that's not something unique to the internet age. It's just gotten easier for some person in country 'x' to become famous in completely unrelated country 'y' but that's just a change in degree.

It's also much easier for a person to become "Internet famous" overnight and without their consent if they, for example, post a video and it goes viral.

If you post a video then by definition that's with your consent, if the video is of someone else then that's a potential problem.

Most virals are fabricated though, which is a pity because 'viral' used to be a mark of excellence. Now it just stand for 'was marketed with enough initial push to overcome the activation energy'.

Right, and that's the conflict. If a person becomes a 'person of interest' if they're famous enough, the law is going to take something that operates as a sliding scale (or, I would say, "a contextual construct") and require a legally-binding global binary threshold to be made of it.

Good luck with that.

This works in Austria and Germany already for a long time. Those privacy laws are common there since the 1970ies (the raise of private computer data)

Laws are not binary. A judge would decide whether someone could be considered famous in the context of the case.

In this case it's pretty specific to someone wanting libelous information removed. If the analogue is a print publication having to retract something it is (almost?) always after a judge has looked at it. If Britney Spears suddenly considered everything ever said about her libelous she would have a tough time convincing a judge of that i would say. Just like celebrities usually have a tougher time getting things retracted now since they are in the public eye more than Joe Average by default.

Defamation is so expensive to defend (and results so variable) that almost everyone folds in the face of a libel claim. Libel is a very effective way for rich people to silence criticism.

It got so bad in the UK that the US passed a law declaring UK libel judgements unenforcable in the US ( http://en.wikipedia.org/wiki/SPEECH_Act ). UK libel law has recently improved very slightly, although not in Northern Ireland.

I didn't see the allegation of libel in this case. The plaintiff's house was sold at auction and he wanted links to the newspaper listing removed from Google.

Assuming there is a libel element tho (mentioned above in connection with UK law), what about the report of the case where libel was found? That's news, correct?

Well, maybe it's only the libelous statements that must be removed when liability is found - then the public would have incomplete reports of judicial actions. Isn't that a public interest weighing against privacy?

My local newspapers report of this case mentions that the reason the plaintiff wanted the references removed was because the auction publicized the fact that he had debts at the time which was no longer the case. I would guess there are situations where such facts would be a hindrance in later life when easily surfaced through Google.

> I would guess there are situations where such facts would be a hindrance in later life when easily surfaced through Google.

Sure, but that is most definitely not libel.

Indeed, a judge will make this decision. There is a tendency for people (especially online) that laws sould be absolute and binary in their arbitrations, this is not the case. It's humans that decide how the law should apply in each case, and a human has considerably less difficulty in distinguishing the difference between Britney Sears applying for censorship and John Doe doing the same thing.

How can someone disappear if their email is in my inbox? So you can deleted from a search engine, how do we insure its you we delete and not me? Names are not unique, maybe everyone needs to have a unique id? not possible in our current state

The reason I ask about email is that if I use gmail are not some search results I do going to check my mail or is the act of my searching my main in google going to be called out next?

At least in Germany (no idea whether that follows from EU laws or whether there is a similar EU law) celebrities have somewhat lower privacy rights simply due to the fact of them being in focus of media and so on.

The key phrase here is "Person öffentlichen Interesses" or person of public interest. It is a reasonable compromise that has worked adequately so far.

Interesting Question. Just say what happen if there is a same person in EU or UK with the name Britney Spears and ask search engine to delete records?

I could and would argue that there are times in which a person should have the right to not be found.

An example scenario: Alice is a victim of a crime, reports the crime and Bob is arrested and goes on trial. Bob pleads not guilty and Alice participates in the trial as a witness. Bob is sentenced, the court record is made. The Daily News (fictional paper) reports on the court records of the day and has a reporter who attends the more interesting cases, and mentions Bob's sentence and gives some of Alice's statements as quotes.

In that scenario, the court record should always be a matter of public record, a statement of fact. The newspaper certainly has the right to access public record and to make a news story of the set of facts that are in the public record.

But, here starts the problems... Alice applies for a job and the employer Googles her name and comes across the news article. There are many types of crimes in which the public have great difficulty accepting a victim is a victim. For example, rape. It isn't too much of a stretch to say that the culture of victim blaming means that a matter of public record has just had the effect of defaming Alice.

Alice as a victim is never given the opportunity to move on with her life when every person that ever searches for her will find the story very quickly. She has been sentenced too by participating in the justice system, which is an open book.

The newspaper, just as in this case, will argue this is public record and cannot be silenced. Sure, I agree... but that doesn't mean that it's in the victims interest that the information be extraordinarily easy to find.

And Google are a better place in which to attempt to stop the information being found, given that they (and only 1 or 2 other search engines) cover the vast majority of searches made about someone.

Alice certainly does have the right to make information that she didn't explicitly choose to make public and that can cause her harm not be found so easily, even when that information is a matter of fact and public record.

She has the right to not be found (by that method - Google).

PS: I know a girl experiencing almost exactly that scenario, who cannot get a news story off of the front page results for her name. This isn't even a stretch scenario. The local newspaper just hasn't bothered responding to requests.

You make a good argument about why she has an interest in not being found/identified with this information. To be sure, there are good reasons why she would want to distance herself from this event in her life. By the way, that is the reason that many newspapers (e.g., the NYTimes)have policies against reporting the names of rape victims, precisely because of the stigmatic effects on the victim.

But why is her interest in privacy sufficient to create a right protected by the law? What about the conflicting interests--including existing legal rights--of others to learn about and to publish that information? What concerns me the most is the unimaginably fraught task of administrating these rights. The EU Court suggested a highly problematic standard: data that is "inadequate, irrelevant, or no longer relevant" must be deleted upon request. Who decides what is adequate and relevant? Relevant to whom, and for what? Adequate for what? Is relevance now the standard for what information can exist online? Who is the arbiter of relevance?

And how is this administered as a technical matter? Does Google delete the entire article, or just redact the sensitive information? What if there is other important information in that same article/site/page? Does the public now lose access to the entire article, which surely contains other useful information?

This policy seems extremely ill-advised.

> But why is her interest in privacy sufficient to create a right protected by the law?

No new right has been created.

The ruling clarifies the overlap between existing laws.

The right to privacy is already there as a fundamental right within EU law. The ruling is pretty clear that data processing must respect the fundamental rights and freedoms of a person, specifically including privacy.

The ruling states that whilst Google had the right to process the data at the point in time in which it did so, it no longer had the right at a later point in time.

The record of fact remains as a historical document, but the ruling is very narrow and says that the data processing of those facts (displaying of search results) may, at a later date, be in conflict with a persons fundamental rights. At such a point in time, the data processing isn't permitted.

As with most things regarding the EU, if you sit down and read it a lot of it is fairly dull, pragmatic and reasonable.

Fair enough, you're correct that no new right was created in the EU. I was reading your comment as defending the concept of it as a right, and so I took issue with the notion that it should be a right.

Reading the opinion does not allay my concerns about the meaning of this opinion and the scope of its consequences. It is only "pragmatic and reasonable" to the extent that you agree with the policy underlying the opinion, which I certainly do not.

Taken at face-value, it would seem that the EU is effectively denuding the internet of its power for disseminating knowledge quickly and cheaply, and thereby democratizing the processes of determining truth. The court has approved a pernicious form of content restrictions that will be based on the utterly toothless (not to mention absurdly subjective) standard of "relevance," and driven by individuals whose interests are contrary to the public interest in information.

Like I said before: relevance to what? The fact that this opinion is issued in a case where the party objected to a record of his previous foreclosure--a fact with undeniable relevance to, e.g., future lenders or business partners or anyone else who needs to know someone's credit history--indicates just how high the standard for relevance will be.

In my view, giving government (or any powerful corporation or individual) the power to curate the information available to citizens is one of the greatest threats to a vibrant, functioning democracy. We should be extremely wary of any efforts by the government to be the arbiter of truth, and while I don't know enough about the case or EU law to predict how this will work in practice (in fairness to the EU, they very well could administrate this with considerable restraint), I think we should be wary of this opinion as well.

I think when it comes down to it one has to determine which law trumps another.

In this case we have laws about privacy (human rights, foundation of democracy) vs laws about freedom of expression (press, transparency).

Where there is an overlap the top courts must determine which one is more important. In this case they determined that privacy is more important, in a way that didn't remove the factual record but limited data processing so that both things could be preserved and protected.

I do agree with that, even though I probably share the opinion everyone else seems to have that transparency and freedom of press is also really really important. But for me, I personally think without privacy you cannot have democracy, which in turn serves to protect openness. And that does mean that there is this conundrum built-in to democracy, as the very foundation is built on not being fully transparent and what if that's what the people are asking for.

When it comes to good laws, its not just about which values trump others in theory, but the real costs and side effects of the specific law trying to hold one above another.

The costs and abuse inherent in all humans being able to force privacy takedowns are beyond colossal. How on earth can a search company afford to provide human judgement for each request? If humans don't arbitrate requests, how is anyone going to know that material was removed for bad reasons?

I would worry that this law would create problems, but in my opinion it will be proven unenforceable. Seriously, what is Google supposed to do with 100,000,000 people's personal lists of takedown requests?

If anyone can see a way this could actually be done economically I would like to hear it.

>But why is her interest in privacy sufficient to create a right protected by the law? What about the conflicting interests--including existing legal rights--of others to learn about and to publish that information?

Because for thousands of years of civilization, the possibility of not being constantly publicly reminded of one's past, even if it was a crime he was found guilty of decades ago or some dumb or embarrasing thing he once said, was one of the most humane things.

We shouldn't abolish that freedom to be forgotten, just because machines enables us to abolish it. Technology should be a tool, like in optimistic sci-fi, not a master, like in dystopias.

I don't deny that the easy availability of mass amounts of information about people on the internet has serious, troubling privacy implications, has magnified the importance we ascribe to that information, and has made it more difficult to escape incidents in our past.

But this isn't a freedom with a long-standing history. Far from representing a break with history, this tradition--wherein reputations are sticky and inescapable--is consistent with how human societies lived for thousands of years. Until relatively recently (~100 years ago), the vast majority of people lived in the same town for their entire lives, and there was a collective remembrance of their character. Everybody knew everybody's business, and preserved it through gossip. At least partly out of necessity, our cultures evolved significant traditions of society-wide shaming; stealing an apple could be punished by public shaming in the stocks in the town square. Social acceptance and even livelihood was based on your character, and the punishment for even minor moral failures was severe.

I submit that reputations were only escapable in a meaningful way for maybe the past 75-100 years, when our cultures (at least, industrialized cultures) became increasingly mobile: people left home to pursue education on the other side of the country, to begin careers and new lives in new cities without a trace of their old lives and reputations. This ability to escape your past and reinvent yourself was a brief aberration. The size of our communities exploded in the last 15 years as the internet expanded, and it seems not that different from when we lived in teeny communities and everyone knew our business.

There isn't and never has been a statute of limitations for dumb and embarrassing things. Whether to create one now is a normative question, and regardless of how you come down on that, I just don't think you can justify robust privacy protections--particularly at the expense of transparency--based on supposed historical respect for privacy.

>But this isn't a freedom with a long-standing history. Far from representing a break with history, this tradition--wherein reputations are sticky and inescapable--is consistent with how human societies lived for thousands of years.

I'm not so sure about that. For thousands of years you could go to another village, city or country and escape your past completely. With technology like Google this is not possible. And people you didn't know didn't have any way to know your face, unlike now with photographs and videos available.

OTOH, yes, in some small village your reputation stayed with you. But:

a) That reputation was built on mostly serious stuff people would remember about you -- perhaps an adultery, that you were a drinker, that your father was a thief etc. They didn't have a permanent record of every BS you said or done, e.g stuff you casually said when you were 14 or some misguided act you did at some obscure place at 23.

b) That reputation was mostly based on heresay. Not hard evidence, like photos, videos, profiles, etc. It was softer, and much less encompassing. And people not directly present when you did something, only heard about it from others, with less important stuff just getting forgotten naturally.

c) People could (and did all the time) change residence to escape an ill reputation.

Unfortunately it is (sometimes) difficult to force technology to comply to our arbitrary social norms. See a lot of the examples of special cases and complications in this thread. A better example is the attempts to enforce copyright law on the internet.

I don't disagree with you, I'm saying it's rarely as simple as just banning X, once technology makes X possible.

Unfortunately freedoms actually come with costs in the real world, which is why freedoms are never absolute.

Who pays for the immense amount of arbitration necessary to allow a billion internet citizens to file takedown requests while not essentially giving every politician, criminal and bozo the right to erase information they don't like about themselves?

yes but an emplyer can still find that information. it still exists. the record is either public information or not. there's no middle ground. a record being "public but must be made really difficult to find" is completely illogical. and a scene from hitchikers guide to the galaxy

These two things are not illogical.

The record can exist and it might be a breach of someone's fundamental right to privacy to make that record available via data processing.

The ruling did not state that the record will not cease to exist or would not be accessible, but that data processing of the information could be a breach of the person's right to privacy.

Another example: Let's say Bob actually only did commit a very minor crime. In the EU the ability to rehabilitate is protected by law. Only certain government departments have the right to access certain classes of crimes on a criminal record after n years.

If you were to make a database of court judgements (nearly all of which are a public record of fact), and make available Bob's criminal record after n years had passed. You would definitely be in breach of the law.

This has existed in law for a long time and isn't completely illogical.

Read the ruling, it acknowledges records of fact and states that the right to process those records doesn't trump the fundamental rights.

It's why they're called fundamental rights and data processing isn't on that list of fundamental rights.

Another example: in Sweden I can walk into the tax office and find out how much someone earns. I just need to ask. But I can't bulk download this information. That isn't available. This prevents easy and obvious abuse, but invites investigative journalism for example, but requires some effort.

what if the investigator is investigating astory involving salaries?

He can do the footwook and find out anything he wants. But it takes effort, and the effort is a mechanism that prevents abuse of the system.

What a library that keeps physical copies or microfiche of newspapers reporting the crime. Do they have to cut out the articles? If not, what about any indices - do they have to find and remove references to Bob from any physical indices? Or only ones that are computerized?

The ruling was very clear, read it. The ruling clarified "data processing" of the records, not the existence of the records.

Google, as a search engine, performs data processing. That it holds the record wasn't touched by the ruling, but the press has mentioned "removed" when actually it is "don't data process" which has the effect of ensuring the record doesn't appear on a results page, but does not actually remove the record from existence.

Right, but as content is computerized, just about anything is data processing.

Wikipedia says that the definition of processing according to the directive is: "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;"

Indexing is obvious. A library's internal index system does data processing. If it indexes it's own collection, it would appear to be subject to this ruling, so that a person could demand that they are removed from the library's index systems, while still remaining in the archive.

What about machine translation? That seems like retrieval and adaption. Do all generic translators have to have provisions for privacy?

Browsers do retrieval to render pages. Do browsers need a list of verboten web pages that they refuse to render?

The law expects people to apply reason and judgement, not seek technical obfuscation.

>a record being "public but must be made really difficult to find" is completely illogical.

Actually it makes perfect sense. Making it difficult adds a barrier. You don't have to make it impossible to prevent something from happening. Sure, you might not stop the most determined people, but you'll stop millions of cases by just making it harder.

It's not black or white -- as a lot of security people use to think for similar things like "security by obscurity" etc. Most of the time your adversary is not some highly capable entity, but just common folks who'd give up at the first barrier.

What's about Bob? Should employer be able to Google Bob?

Yes and no.

In the EU, Bob is dealt with by various laws that cover the rehabilitation of offenders.

A petty crime is essentially wiped from public record after some period of time, and a major crime isn't.

Bob's rights depends on what he is convicted of, if he is convicted at all. And in the case of a sex-crime or violent crime, then there are further laws that cover that.

It depends what Bob did, and importantly whether he was convicted of it.

The ruling doesn't conflict with existing law, it clarifies and extends existing law.

Not exactly correct. If bob is accused of rape then he can be named as an alleged rapist. If he is acquitted of the charges and you Google his name you will still see the rape charges story and perhaps the "acquitted" story is buried or just not in the first few pages of results. Worse still if charges are dropped then all you will really find on Google is the fact he was arrested for rape.

I sincerely think it's a good thing for the courts to look out for individuals's rights, but they are overestimating the power of the law. A thing can't be removed from the Internet once published, and forcing Google to remove it from their index is at best a middling measure that may slightly limit the exposure of said material.

I wish the court would grant me the right to fly as well, but it's beyond their power. I guess they just need a few more decades for the judges to die off and for the new old men to have a better intuitive understanding of the way the digital world works.

"forcing Google to remove it from their index is at best a middling measure "

I think you underestimate the power of search engines - simply having Bing/Google remove a reference to something, will eliminate it from view for 99%+ of the population. It's a lot more than a middling measure.

A lot of people would probably fail to reach "their Facebook" if it wasn't for Google...

Does Google have 99%+ marketshare? Will they always?

As long as the set of search engines that do have 99% marketshare are fairly few and reachable through EU courts in this fashion, then it won't matter what the market share of #1 is.

Presumably this applies to all search engines. In any case Google has larger market share in the EU than in the US, it's 99% marketshare is probably not far off.

I'd be willing to wager that 99%+ of all free-text searches go through one of Bing (which also powers Yahoo) or Google.

A court can't prevent you from being killed by a car either, but should that mean it shouldn't punish someone driving drunk? Even if that is, at best, a middling measure that may slightly limit the probability of someone getting hit by one?

I'm not saying I agree with this decision - I'm on the fence due to the concerns about freedom of speech - but I find that argument unpersuasive.

The law can be quite powerful, if you think of the length that corporations go these day to ensure compliance - the word "compliance" alone will probably trigger emotions in everyone who has worked in a large company recently.

When a CEO could go to prison for something, then the organization will adapt accordingly.

> "the organization"

Therein lies the problem. Courts can play whack-a-mole all day, but it's very hard to suppress something on the Internet. The only sensible thing to do is go after the original publisher and then Google takes care of itself. This idea of forcing takedown on search engines is treating the symptom not the disease.

The difference is that once it's removed from Google/Bing - it's effectively removed from the Internet. That is, the material may still be present, but if you can't find it with a random search, then it's not going to do too much damage.

Also - it's much, much, much easier to send a request to "De-Index" to two, large, organized, law-abiding organizations (Google/Microsoft) - than it would be to try and remove content from umpteen million various websites - that would be whack-a-mole.

This sounds a whole lot like the argument of the Recording, Movie, and other IP Industries of the world against safe harbor provisions. Why should they have to play whack-a-mole when then could get the government/your ISP/search engines of the world to do their work for them?

Correct - and indeed, Google/Bing respond to DMCA (and other takedown) requests all the time. Removing content from search engines (for some definition of search engine. I.E. Bing, Google, PirateBay, etc...) for, 99% of the population, does remove it from the internet.

Taking down the source is pointless when Google keeps the results and caches the contents.

Google only caches for a limited period of time, and also observes robots.txt . So adding a NOARCHIVE directive to the url would get google to flush its cache of the page.

I sincerely think it's a good thing for the courts to look out for individuals's rights, but they are overestimating the power of the law.

By your logic, it's a good thing for the courts to look out for individuals' rights not to be murdered in their homes, but they are overestimating the power of the law by making murdering people in their homes a crime.

You're mistaking the internet (a human construct) for the laws of physics (gravity, your point about the right to fly).

A couple of questions pop to mind:

- Will that affect the work of archive.org and the wayback machine?

- Is it okay for a politician to "erase" something he/she said 10 years ago?

The question that pop into my mind is "What about purchase history?"

We run a webshop and sometimes a get customer that demands that we delete all their information. They are entitled to make that demand, but at the same time we're required to store the same information for at least two year, in order to be able to handle returns, and maybe five years due to accounting.

I really do applaud the court for their intentions, but it leaves a lot of unanswered questions and challenges. In our case we would have to make serious changes to our ERP/CRM systems, it currently do not allow deletion of data, because that would be bad for accounting. Also: Can I deny you warrenty because you requested that I delete all data regarding your purchase and person?

You could send them an email containing a digitally signed receipt. If they ask for their data to be deleted and then later want to make a return, they could send you back the email.

While I do like the idea, that not how your average customer work. Don't get me wrong, I love our customers, but here's a short list of weird stuff we seen from them:

* Forget which phone number they used.

* Switch to a email provider and don't transfer emails.

* Delete email 5 seconds after receiving it.

* Enter wrong email address, twice.

* Forget where they live... ?

* Forget order number.

* Give you an order number for a different webshop.

* Call and tell you that you're spamming ( i.e. sending an order confirmation )

Yes, you and I will save an email for two years, the average customer won't.

Still, I'm loving the idea.

I think this is more about data that is being displayed publicly. I don't think purchase history falls into that realm, as that is private data that you have a right/responsibility to keep for your webshop's records. Just don't display it publicly, obviously.

You don't have to delete it if you can demonstrate that it's necessary to run your business. That's my understanding, anyway.

Google can demonstrate that they need my information and publications to run their business.

I don't agree.

I think they could perhaps argue that they need some information and some publications to run their business to its fullest potential.

I'm not sure they could prove that losing mrweasel's data is going to cause them any significant harm as a business, though.

Need is quite specific here - I suspect you need something more than Google can offer. E.g. required by legislation as part of running the business would be sufficient.

You do not need to delete the whole data. Just make it no personal data. Just erase the name, birthday and maybe the street.

In our case, based on what is "personal data" in Denmark, we would need to delete: name, address, phonenumber and email, that leaves us with the order number. the problem with that is that now we can't tell if it's the original customer that contacts us for a repair or refund, he could just share the order number with a third party... Yes, people actually try that.

What is the problem? If the customer has a valid receipt, the customer is entitled to have the repair / refund. There must be no difference to buying something in a physical store.

What consists of a "valid receipt" for a digital purchase? An email? A printed copy of an email? Either can be trivially forged if the company has no way of verifying the information.

Usually, when I order something online, I get an receipt via mail and paper (with the shipment). Mail and paper receipt contain order details which can be used to prove the legitimacy. And you can always sign the receipt (plain/text or attachment with the mail, QR code with the paper receipt).

It is important not to delete the order data, but to anonymize the user data. Your shop software should be able to handle this. Otherwise, I would use another product ;)

It is not necessarily deletion, but the "right to be forgotten".

Anonymize the data to the extent that the customer is no longer recognizable as the user, but you still have your information for accounting purposes.

Is is searchable for random person from his home PC? If answer is no, than probably no.

I'm pretty sure that a customer still have the right to demand that we delete any information about him or her, but I could be wrong.

i really doubt it covers purchase history. I think it covers more about the right to ask a blog/social media to remove your identify from the page. alison stokke would be stoked about this news

The wayback machine seems (to me) to be breaking EU law before we get to data protection; there is a copyright issue as well:


And what about my personal records of anything I see that looks interesting?

To the second: no. This is of public interest and public record.

But what about a few month before he declares his interest for running for office?

well make the difference between a user's profile data and a blog post/article.

Although I admit I don't know what sort of policy archive.org uses.

One quite an important fact is forgotten there, that publishing information is basically irreversible action. Even if google removed the information from their search engines, other search engines probably won't. And of course decentralized solutions to search engines are coming also, where information can't be removed even theoretically (for example, yacy.de)

I think what's more important here is that I'd have to right to ask the company to delete my info, even if it doesn't completely disappear from the web. If I ask Facebook to delete my account, then it better delete everything it has ever collected about me, no questions asked.

Facebook may or may not do that right now (who really knows, when they change their privacy policy several times a year), and if it does it, it's mainly because of some recent lawsuits in Europe. It used to be very reluctant to do so. Some companies, and I think Facebook, too, argue that once you gave them your data then it's "theirs". That's not right, and they shouldn't be allowed to act like that.

These are two different issues. Yes, Facebook should delete your info when you request them to. However, I find it more than a bit disturbing that someone can use the courts to force entities to pull public information that is less than flattering about them. Would you hold this decision in the same regard if it were about a CEO that was trying to bury that he was sued in the past?

You are confusing two separate issues.

Social Networks and Search Engines are not sources of administrative data. A CEO cannot bury that he was sued as the matter is a public record.

Should he be able to have that information removed from search engines who provide no context and social media accounts he owned? Absolutely.

The biggest issue I have here is one of fundamental honesty and equality in the legal system. By creating a system where someone with enough money and lawyers can make their past problems disappear, you only serve to make the legal playing field more unequal than it already is. Additionally, it starts creating much bigger questions as to where the line should be drawn. Should legal search services like LexisNexis also be bound by decisions like this? Should case records only be available to those that can afford to go to the courthouse on alternate Tuesdays between the hours of 9 and 10? In the end, this case only harms the law. The big still have access to the same data they always did, the small people are shut out again.

No, the biggest obsession you seem to have from your multiple comments in this thread is some sort of belief in absolute justice. Without the ability to forget our past mistakes, we are forever defined by them. You seem to be begging for that to happen.

You want to destroy someone's life forever. Everyone needs a chance to rehabilitate, whether or not they were guilty or successfully prosecuted or not.

Does it matter that this man wants to forget whatever shame this caused him?

I actually find it disgraceful that you have deliberately used his name in two of your comments. At the time of writing almost 10% of comments in this thread are from you.

What has happened to you to make you so broken and incapable of forgiveness?

My problem is that he's kicking and screaming in the courts, trying to make the fact that he had a tax dispute go away. Had he said nothing, I doubt anyone, even in his hometown would have cared all that much about the issue. Instead, he's chosen to bully people into removing facts about him because they're no longer convenient to him. Everyone makes mistakes, lord knows I have, but part of learning from them, and rehabilitation, is admitting that mistakes do happen, which this man seems incapable of.

I use his name because I'm tired of seeing well-heeled individuals throw their weight around in the court system. I use his name because he wishes to subvert public discourse. I use his name because he has chosen to make himself a public figure with his suit. Why should I respect someone who has chosen to disrespect the concepts of free speech, of open government, and of a fair society?

>I use his name because I'm tired of seeing well-heeled individuals throw their weight around in the court system.

Are you comparing the resources of a single individual against that of Google? Is the guy a billionaire?

>Had he said nothing, I doubt anyone, even in his hometown would have cared all that much about the issue.

Well, it would've been present for anyone to google. How much faith do you have in your capacity to defend well page-ranked libellous information against yourself? Part of rehabilitation is also not being permanently associated with your mistakes.

If your private financial information was published online, you should have the legal right to have it removed.

Private financial information does not belong online.

Do you believe, for example, your bank should have the legal right to publish the historical accounts of all of its customers tomorrow? Should that be protected by the right to free speech?

Almost nobody would think that was acceptable, because private information is private. Data Protection of private data is a legal idea that we generally accept in Europe, even if we don't do a good job of enforcing it (as perhaps we haven't here).

You should also have a right to legal access that would allow you to ensure your legal rights were upheld without worrying about the cost, but that is a separate issue which is really nothing to do with this guy.

> Without the ability to forget our past mistakes, we are forever defined by them.

On the other hand, it will never be possible for all such people to cover-up all such information about them. So the real solution (a societal recognition that no one is perfect) is still required.

If anything it would be easier for the truly crooked to pass off as "reformed".

> Without the ability to forget our past mistakes, we are forever defined by them. You seem to be begging for that to happen.

Forgiveness is not the same as forgetting. If anything, we should be pulling for a system for undesired past information to be easily correlated with subsequent information (an ability to comment on a search result, perhaps?)... Not a world where we try and erase or bury the past. To do so is to damage truth itself.

We should address the problem of partial correlation with better correlation, not less correlation.

Why do search engines provide no context? That seems remarkably arbitrary.

This notion that it's right and proper for information to be theoretically available in some technical sense, but it's bad that it be actually findable and usable, is absurd.

I never said that. You are reading into my comments the bias that you want to see.

Data for bankrupt individuals, disgraced corporate directors, criminal trials and legislation existed before Google - it existed in open repositories that anyone who had a valid reason could inspect. No license was required other than being a citizen.

Search engines provide no context because alongside credible and relevant information they will also display non-credible, libellous, inaccurate and harmful information.

If you can design a search engine that can filter for veracity then this law will not be required. Until then - it is.

But the data about Mr Gonazalez was true. So a search engine that filtered for veracity would not have solved his "problem".

This isn't about context or truth or people's feelings being hurt by bad things being said about them. This whole episode is just bizarre. There's a statement of fact about him, in a newspaper, and it comes up when you search his name. Apparently he did nothing else of note (except this court case) so what else should be displayed? Nothing? What's the point of a search engine that doesn't give you factually correct and relevant results?

A positive result does signify the absence of negative results. You are displaying conformation bias.

Put in legal terms; it is better for 10 guilty men to go free than 1 innocent man be incarcerated.

You are fixated on Gonzalez and he is a footnote in the wider issue which you seem incapable of grasping. You wanted to find a search result that returns evidence of immoral or illegal behaviour.

That does not exonerate Google from indexing the multitude of libellous, false and damaging materials that it has.

> Should he be able to have that information removed from search engines who provide no context and social media accounts he owned? Absolutely.

By the same logic one should also provide a means for people to protest indexes and tables of content in published literature. Opening a prominent business publication's table of contents and seeing a headline "CEO sued" provides no context and social media accounts he owned. However, we would argue freedom of the press and that since it is a print publication its simply recording a matter of public record.

You've never been able to hide from your past, good or bad. If someone was motivated they could do the manual labor necessary to dig -- review publications, talk to relatives, visit past schools, talk to the local PD and such. Simply having Google erase its table of contents pointing to an article discussing past indiscretions doesn't make them go away or unrecoverable. What makes people uneasy is the relative ease at which Google et. al. make discovering past indiscretions, lawsuits, and other public information possible.

The two questions that really need answering are should the past be easily searchable -- the information itself will never go away -- and how should that past information color the future?

That is a fair point and well reasoned.

I look at the issue less conspiratorially than some of the other posters. Whenever the law is changed, a party somewhere, is always quick to claim the political elite will benefit.

In it's current guise I support the ability of people to have inaccurate information about their character removed from search rankings/indexing services.

It boils down to the oft-thorny issue of what is reasonable?

I do not think it is reasonable to have cases removed records. I do think it is reasonable to have published media that portrays an innocent party as guilty removed from publication.

I don't know how that is accomplished but this legislation seems to be moving in broadly the right direction.

I can see it being used to right more wrongs than vice versa but I am an optimist.

Do not over-complicate it. Most cases are about deleting top-search results from Google. And most sites already have DMCA on place.

It would only delete from google.eu (or the various .eu suffixes).

It would not be deleted from google.com So if you are in the EU and want unfiltered information just go to google.com.

You can't use a DMCA takedown request for factual information, only something you can claim copyright on.

Weirdly, I think it's more for politicians to forgot their past mistakes and their past actions than for the average citizen.

Taking France as an example, a lot of content (An good example will be some old racist video of our actual primer minister, past corruption of the mayor of one of major cities, stupid tweets...) is going to be censored and removed from the internet. And this is going to happen. Don't ever think one minute, the first thousand of "forgottenness" will be for citizens and not for politics.

I think that's one of the stupidest backward law ever. Thanks for fucking up the internet.

Nope. Politicians, celebrities aka „public figures“ do not have the same rights to privacy. (due widely judicially established consensus in human rights/constitutional „continetal european law“). Therefore private person has judicially enforceable right for protect his private life to higher extend than public figures.

More often many European countries would not prohibit public display of “personal data” such as name, home address etc. Not only concerning all crime victims and children, but often also court rulings while being public, are published in such way, that names and other personal data is removed. So when you’d google a name of a person, public court ruling proclaiming foreclosure of his property would not appear in the search result, while some blog/news outlet could. The ruling only reacts to reality of modern day, that information doesn’t disappear. So while 50 years ago (or as today) the article about someone’s foreclosure would still be reachable in newspaper archives, library etc., but not via two seconds by googling. So if the right to privacy ought to be a real “human right” it needs to be effectively pursuable, so court seeks an approach when there is no reason to delete the newspaper article (it’s not fraudulent or slanderous”) but it’s digital trace via search engine interferes with one’s right to privacy.

I anticipate that EU, or individual countries will react by enacting/changing laws how to procedurally enforce that newly established right. How and when to file such request for removal of search result.

I am not looking forward to how this will impact discussion forums like the one we're on. Someone wants to be forgotten, therefore we must remove all posts someone made and destroy the context for everyone who may come along afterwards?

Just ick. Ick ick ick. More ill-thought-out "feel good" legislation like the cookie law.

I guess the takeaway is: Don't operate Big Data companies out of Europe..... Pack up your bags, apply for YC and move to SV instead...

All harassing publicly famous entities will achieve, is to make obtaining available information more difficult for regular people. While those with deeper pockets and better connections, will simply pay niche providers for deeper searches and indexing.

From a privacy POV, you would WANT this kind of White Hat demonstrations of where your privacy weak points are. That way, you are aware of them and can make accommodations. While third party services can spring up to address the most widespread concerns. Rather than show up for a job interview, and have the interviewer "know" something about you, that you have no idea is available to them at all.

The decision rules that it would be Google's responsibility to filter search results, instead of the responsibility of actual page removing private data. So you can find the data if you know where to look at, just don't use Google?

From the decision:

"... the activity of a search engine consisting in finding information published or placed on the internet by third parties, indexing it automatically, storing it temporarily and, finally, making it available to internet users according to a particular order of preference must be classified as 'processing of personal data' within the meaning of Article 2(b) when that information contains personal data and, second, the operator of the search engine must be regarded as the 'controller' in respect of that processing, within the meaning of Article 2(d)."

Hopefully replying to requests will be sufficient. Otherwise, even simply the obligation to detect that there is something the law requires to be removed will be a new burden on search engines and any similar services.

I think the problem is that if it isn't on Google it's highly unlikely people will find it unless they were looking for it. If your fear is people accidentally discovering it while doing a search on you (e.g. an potential employer) removing it from Google is key.

it's both. if the original site changes the data, you still need/want to remove it from caches, be it google, wayback machine, other search engines, etc. it's going to be a mess.

Not just a can of worms, more like a full barrel. Shouldn't the publisher of the data be the one you turn to in the first place? I hope there is more to this story than is being told by Reuters.

I am not sure how most countries in the EU handle the press, but without digging into this too much, it seems like this ruling greatly limits the freedom of press. What if a scandal is uncovered regarding a political leader or someone closely related with them? Does that person have the "right" to kill the right that the free press has to go public with the information? I really don't think something like this would stand up in the US at all, but I'm unfamiliar with press laws in most of Europe.

"What do we do when fundamental right X of person A conflicts with fundamental right Y of person B" is a question courts have been asking and answering for a very long time. There's a hell of a lot of ECtHR and CJEU case law on how to balance competing rights. I don't imagine it's any different in the US.

The US may draw the line a little further towards the direction of freedom of the press and away from privacy etc. than Europe does, but it's not like it's an unqualified right on either side of the pond.

"I'm sure there's case law that establishes some kind of balance" isn't really any kind of answer to the GP's questions...

..What would you consider an answer? GP asked what would happen. Answer: a balancing exercise. If you want some examples (from the UK, as that's where I live), try Campbell v MGN [2003], or In Re S (A Child) [2005].

From the latter:

"First, neither article [8 (privacy) nor 10 (freedom of speech)] has as such precedence over the other. Secondly, where the values under the two articles are in conflict, an intense focus on the comparative importance of the specific rights being claimed in the individual case is necessary. Thirdly, the justifications for interfering with or restricting each right must be taken into account. Finally, the proportionality test must be applied to each."

If you want my prediction on what'd happen if "a scandal is uncovered regarding a political leader... [can they stop the press going public using EU data protection legislation]", I'd say: no. Like, that's not even close to the borderline. Data protection legislation isn't even relevant to press reporting current events, anyway - more relevant for a (UK) political leader would be better off trying to stop a story is defamation law, which is subject to a whole other set of controls and defences.

Question: Assuming for a moment that there is a right to be "forgotten". Should that right be permanent? I would argue that while it is relevant during a person's lifetime, it actually would hurt the public good if we made it permanent. My thought process goes out to say 100 years from now, where there may be researchers/family members that want to know more. Should they still be restricted well after I am dead? Thoughts?

I don't think there's an answer to that.

Let's take Kafka, for instance. He gave explicit instructions for his work to be burned after his death. His executor Max Brod ignored this request, and published them anyway. The result? Both "The Trial" and "The Castle" managed to see the light. This is a clear case of the public good being richer due to a non-permanent "right to be forgotten".

But then again, we also have James Joyce. His executor destroyed some personal letters, but some others survived. Thanks to that, we have some very dirty letters he sent someone. Reading those doesn't really teaches us anything about his works, but seriously casts him in a bad (or at least, unflattering) light[1].

So back to Kafka. There are still unpublished papers that should have been destroyed, but weren't, but at the same time haven't been published yet[2]. So what if Kafka's remaining papers cast him in an equally bad light as Joyce? Is it okay for us to ignore his specific request for those papers to be destroyed?

I don't really know. I could imagine some kind of experts voting on that (the same way that we never managed to see Stever Irwin's death video), but it's an idea with many obvious flaws.

[1] http://harkavagrant.com/index.php?id=32

[2] http://en.wikipedia.org/wiki/Kafka#Unpublished_papers

Once someone is dead their right to privacy is significantly diminished.

So how does one go about asking Google to remove a front page search result about yourself that you do not wish to exist?

Google are famed for having virtually no way of contacting them, does it require the individual to jump through hoops to do so?

And no, not thinking of myself... but wondering just whether there are mechanisms available already to those who will now seek to exercise their right.

It will require a judge in the EU who will submit his findings to the legal representative of Google EU.

If there will be enough of these cases infrastructure for the legal representative to handle the cases will be put in place; but I didn't see any requirements for Google to offer a procedure for taking down personal info.

If this is a right you as a citizen have it will probably not require a judge at all. As this is legal stuff an email probably won't do but if you send them a letter Google probably has to comply without a judge ordering them to.

The wording is very cautious though (under certain provisions, in certain circumstances, etc.) implying that it very much still is at the court's discretion.

Why didn't he ask the newspaper to remove his information?

Is Google to remove the search results (the link) or just their cache?

I'm too lazy to look up a primary source for this, but it seems that the newspaper article was published as a legal obligation: http://www.nextinpact.com/news/87482-existe-t-il-droit-a-oub... "La CNIL espagnole avait rejeté la réclamation contre le journal puisque les informations avaient été publiées en raison de contrainte légale.", meaning, "The Spanish equivalent of the CNIL http://fr.wikipedia.org/wiki/CNIL had rejected the claim against the newspaper as the data had been published due to legal constraint [sic]".

Mario Costeja González sued both Google and the Newspaper to remove the data, asking both to completely memory hole that his property was ever put up for auction. This includes links in the search results.

While I agree you should be able to delete something off the internet ( to a certain degree ). How is putting up something for auction, which is an act of public disclosure, be a privacy issue?

I am not sure about Spain, but there are plenty of countries in today's world which have the flat / house selling price listed for the past 10 - 20 years.

The court is making a distinction that may be hard to define because it is somewhat arbitrary and subjective. It's OK for this auction to be advertised locally, but not further from the area? Does this apply to any aggregation or reposting of data that is publicly listed somewhere else, if it mentions identifiable individuals?

"Dearest Max, my last request: Everything I leave behind me ... in the way of diaries, manuscripts, letters (my own and others'), sketches, and so on, [is] to be burned unread." ~Franz Kafka

... and I wonder how much of the work of a genius would have been lost forever if his wishes had been honored.

So where this sensitive information starts? If I write on my blog something like "Today I went to the zoo and saw John Doe talking to giraffes", will John Doe have the right to force me delete this text?

If John Doe was supposed to be on a business travel, but was actually at the zoo with his mistress, it can cause harm.

You should retort that it was John's mistake in the first place to lie and cheat, and that is not your fault, and that maybe he should be rightfully punished. However, we are all humans, and no one is perfect.

Very basically the "right to privacy" is the right to make errors and to not be judged for something you said or did twenty years ago. Let he who is without sin cast the first stone, etc.

And can we look forward to court sanctioned erasing unwanted people from the photos on Google search if a few years down the road we decide it really isn't so great to have a photo showing us next to someone we don't like anymore.


This whole thing seems kinda crazy to me, but we will see how it works out.

At the same time, if one is able to bully people into keeping quiet, it becomes a lot harder to find patterns of misbehavior, and to avoid persons who are better worth avoiding. Mr Costeja González had a dispute with a government agency 25 years ago, most people will not give much notice to that nowadays. However, his attempts at litigating away his past, in my opinion, reflect a lot more on his lack of character.

I have no idea what kind of character mr. Gonzalez is (and suspect neither do you), but how about this hypothetical example. Imagine you were wrongly accused of child abuse 20 years ago. Charges were eventually dropped for lack of evidence.

Do you really think information like this would have no influence on your life or that you wouldn't care?

I know far too little about this ruling to have an opinion of its impact, but I am not a free-speech absolutist because of cases like the above where lives are unjustly impacted long after publication.

No need for it to be hypothetical - exactly this is happening in the Bitcoin world right now. Someone got elected to the board of the Bitcoin Foundation and once the election was over, people bothered to search for his name (oddly not before?) and discovered he has murky allegations that he was found in a house that had lots of child porn and guns, but it all happened a long time ago and there were no charges filed. So: exactly that situation. Now people are resigning from the Foundation because of that history.

The situation obviously really sucks for the guy in question, but is making that information hard to find really the fix? I doubt it - eventually someone would have discovered anyway, and then attempting to get it removed from search engines would merely "seal the deal" in the minds of some people. The problem is not access to information. It's that too many people in our society can't handle this new found power, to discover or read things people did long ago. Look at how people repeat things Mark Zuckerberg said a decade ago as if he couldn't possibly have changed since he was a university student. That's not a problem with search engines or the subjects: it's a problem with all of us.

Conversely, imagine you were abused several years ago, and the police dropped the case through incompetence, etc. Would you want information regarding your abuser to be disappeared because it's inconvenient? Being able to make information disappear very well could harm vulnerable people if they knew people in states of power could make uncomfortable facts go away.

Of course not, but somebody not me would have no way of telling if the guy legally innocent really is or not. What it would come down to is his perception.

It would be very easy for me as a white straight middle class guy to be OK with "eternal memory" since it is unlikely to do me much harm. However it doesn't exactly require a huge leap of imagination to think of all sorts of scenarios or groups of people who can't afford the same attitude.

Hence I am not jumping to condemnation before I learn more.

I'm not sure I agree with the idea that it's the right to make errors.

That's part of it, but there's plenty of things that I wouldn't class as errors that I could well want to keep out of the public domain, such as illness, working on a confidential project or looking for another job.

I don't think "right to privacy" is the right to make errors, it's very different. And public errors are certainly not private.

The reason why most applications don't have an undo operation is because it is something that needs to designed from the ground up. Its really too late for the Internet to have an undo.

"The company says forcing it to remove such data amounts to censorship."

Don't they see that personal censorship is something good opposed to government censorship?

One argument for why this is a bad idea has its roots in politics. Imagine if a candidate running for office (or any public figure) had the ability to santitize his search results to remove all 'bad' listings. The public perception of a candidate or political figure could always be distorted in a manner that is always favorable to the candidate. Public dissent could therefore be surpressed.

Note though, I'm not necessarily for or against this bill. It could be very useful fot private citizens but we should consider how public figures are effected as well.

I think that public figures should not be evaluated by "some things in the internet" it is easy for opponents to craft "bad" listings. On the other hand I think public figures have more power to remove such things if they have connections, lawyers and simply more money than average Joe.

> Note though, I'm not necessarily for or against this bill.

What bill are you referring to? If you mean the EU data protection directive that this decision's interpreting, it's been law since 1995.

The biggest issue is that we don't own our data. It's stored in Google, Facebook, Twitter, LinkedIn etc.. servers. It should work the other way around, every individual should keep his own data and provide permissions to external services and other people to access it. Is there any project looking into this direction ? How do we reverse this situation ?

It's not your data, just because it's about you.

In this case the article in question was published by a newspaper, in fact due to legal requirement. So the law here is totally messed up. It says the data must be published, but must not be findable. A farce.

> It's not your data, just because it's about you.

sure, I agree.

In this case I think the mistake was made by the Ministry of Labour and Social Affairs who didn't understand the consequences of publishing one person's sensitive information on the internet. In my utopia though, the newspaper would have asked (and forcefully obtained in this case thanks to the Ministry authority) permission to Mr Gonzalez to access his sensitive information, only for the amount of time required by the bidding process.

It is your data - Facebook, Google etc are just custodians of your data and you have the right (under EU law) to have that data removed or anonymized.

The legal requirement is for the information to be published (once) and then, in the normal course of events "forgotten" after a period of time.

It is not the publication that is a concern, it is the permanence of it, and the ease of access that the ruling deals with.

Umm, we used to call those "personal websites". They were the norm during much of the 1990s.

They did take some time, effort, skill and money to set up, but they did give far more control over what information was shared, and who had access to it.

that's not what I meant. For example when using a mobile app, you can give access to your contact list, your position, your pictures etc...All data is stored on your phone and each application must get permission to access your data. What I would like is to extend this model to the web, so that any service that require some information from me will have to ask permission to get it rather than having me store a copy on their database.

If you are asking whether anyone working is working on a truly distributed social network, then the short answer is that a number of projects are trying but no-one has been very successful so far.

It does seem like this is a matter of time, though. We managed to build the entire Internet as a system of systems that work together remarkably effectively despite no one authority having universal control of everything.

The main thing keeping sites like Facebook safe today is the critical mass of customers they have, and the fact that current sentiments (and the occasional multi-million dollar marketing effort) encourage newcomers to put their data "in the cloud" in return for not paying any money to store it and not having to worry about the technical details. There are certainly technically viable alternatives.

A distributed social network would be probably part of it but still doesn't successfully describe my idea (utopia might be a better term..). I would like any service to ask permissions for any piece of data that I control. For example my bank wants to see my last payslip ? sure ask for the proper permission and for how long you need it. Dentist require a proof of my address ? no problems. It will allow me to change my address or phone number for example without having to notify all services (electricity company, bank, doctors, amazon, etc..). I'm actually in the process of moving house again and this is so annoying, why do I have to notify everybody to update the data they have about me ? Wouldn't it be better if they could just ask me about my data at the time they need it ?

The NSA, etc, never forgets...

And they wonder why so many Brits want to leave the EU.

Honestly, by now I also want Britain to leave the EU. If these guys think of themselves as an isolated island in the middle of the Atlantic rather than an important piece of Europe ten kilometres off the coast of France, fine, but they should stop forcing their curious worldview on the rest of Europe.

Worth noting that not all parts of the UK are anti-EU - there is a larger margin in favour of the EU in Scotland than there is against in England:


[Edit: I am a Scot]

Also worth noting that Scotland could realistically become independent of the UK in a referendum this year (opinion polls have a small margin against), which will leave it both out of the UK and out the European Union.

>out the European Union.

This is IMHO highly unlikely in practice.

Succession/secession law regarding EU membership is untested, but the simplest suggestion is that rest-of-the-UK retains membership, and Scotland has to reapply as a "new" member. I think that's what you're saying. But, this is awkward and probably not legally correct because it treats the two newly formed countries differently.

This is also not in anyone's interest, except for perhaps Spain (Spanish politicians are pushing this solution because they are worried about Catalonia): it forces two countries to do the opposite of what their electorate would prefer.

For now, this is just a propaganda designed to frighten voters: some other arrangement would be made.

Wikipedia has a large amount of detail: https://en.wikipedia.org/wiki/Future_enlargement_of_the_Euro...

Spain aren't the only country who have potential independence concerns and new membership does require all 28 countries to agree. My instinct is the same as yours - that ultimately it would happen - but I don't think it's just propaganda. It's fair to say that there are doubts about it happening (at the very least the timescales and mechanisms).

Given that much of England don't want to be in the EU perhaps the easiest thing would be that we adopt Spain's ideal approach but instead of England, Wales and NI remaining in and Scotland reapply, Scotland get the "existing" place and England, Wales and NI can reapply if they wish...

Edit: Englishman living in Scotland (for 7 years now with no intention of leaving whatever happens with independence).

There has been one poll of the 47 conducted since January 2012 which has shown a lead for independence. All others have shown a lead of between 3 and 32 points for the Scotland remaining in the union.

The two most recent polls I'm aware of show a 3 point and 15 point lead respectively (both for rejecting independence) The low one comes from a polling company consistently showing the smallest leads, the high one from a company showing the largest leads. Looking at all polls somewhere in high single figures with wide error bars would probably be the safest assumption.

I'm not saying it won't happen but the suggestion that it's a small margin suggests it's more likely than it really is.

Slightly out of date (to end last month) polling data here: http://ukpollingreport.co.uk/scottish-independence-referendu...

Britain? You mean the country that imprisons people for offensive posts on social media and arrests people connected to journalists under anti-terror laws?

If you are going to be condescending at least stay factual; the United Kingdom of Great Britain and Northern Ireland.

Britain is simply an island.

Can you be specific about which legal cases you are in outrage over?

If you are talking about David Miranda then he was lucky that we treated him so leniently.

As a former military intelligence operator I wrote a piece on the detention: http://urbantimes.co/2013/11/the-david-miranda-detention-why...

We were exceptionally lenient and reasonable in our treatment of David Miranda, regardless of what the general populace think.

He was a foreign national, in possession of UK Top Secret documentation, held on a non-secure IT system, and he was not a journalist. Why would anybody in their right mind think we would allow a foreign national to waltz off with our material is beyond me.

Replace "David Miranda" with "Chinese Hacker" or "North Korean Diplomat" and ask whether the detention would have been lawful then.

“A Chinese computer hacker was arrested with 58,000 TOP SECRET files from the UK intelligence community. He was spoken to for 9 hours and released without charge. He is requesting the return of his computer.” The UK public would be up in arms if our police services released that individual back to his host nation.

You think you get a free pass for being the partner of Glenn Greenwald?

"He was a foreign national, in possession of UK Top Secret documentation, held on a non-secure IT system, and he was not a journalist."

He was in possession of copies of UK Top Secret documentation. Given that other copies of the documents exist outside the UK and its legal jurisdiction, what exactly would be the point of detaining him?

I can see how you would arrive at that conclusion, it is also a point I deal with in the article.

Detaining was merely a means to removing the documents from his possession. Nothing more. Miranda was not intimidated and he also refused legal counsel.

However, let's take a less emotionally charged example.

A man breaks into your house - makes copies of all of your ID's, your bank records, passwords, logins, hard copies of your keys to your residence in a plasticine mould. Enough to considerably damage your financial, emotional and professional well being.

He also makes copies of anything regarding your family including schooling, medical, financial records and keys to whatever they own.

All of the material is then copied by a third party. Two copies now exist.

The police contact you and inform you that they can detain the one of the individuals with copies of your material but the other copies still remain at large in the real world.

By your logic, that man could neither be detained, questioned or have the copies removed from his possession.

As any serious penetration tester/corporate investigator will tell you. It does not matter how many copies of data exist, you have a legal responsibility to remove from circulation the copies that you can remove from circulation.

In your mind, once multiple copies of data exist then no further law enforcement action is required. Those involved in industrial espionage just voted for you en masse.

I assume that if I enter your place of work, copy all of the IP, pass the copies to a third party you now believe I am free to go and can keep the IP in my possession?

"By your logic, that man could neither be detained, questioned or have the copies removed from his possession."

I didn't say they couldn't detain him. I asked what the point - the actual objective - was.

I think you have a valid point that reducing (by one) the number of copies of the document collection in circulation was a valid and rational action by the UK authorities - especially since it appears that Miranda was carrying a piece of paper with the encryption password written on it. But it's also an empty gesture given how quickly the documents could be re-copied. How many new copies could be created by others during the nine hours that he was in detention?

Your analogies with people breaking into houses or places of work are sophistry. They involve the commission of criminal acts against individuals. Miranda didn't break any UK laws. Neither did Snowden.

It was rational and valid but it was also dictated by legislation. We had to.

I don't consider my reasoning to be sophistry at all - your claim that Snowden/Miranda broke no laws is simply a sleight of hand to avoid the thrust of the argument.

Do you believe those in possession of copied IP, in contravention of legislation, deserve to be detained and have the IP removed from their possession?

Which specific piece of legislation required it?

To answer your question: I believe in the rule of law, so it would be the decision of a court as to whether some item in a person's possession should be taken from them.

Like this decision?


The Facts of the Case

"He provided them with encrypted data which had been stolen from the National Security Agency (NSA) of the United States. The data included UK intelligence material. Some of it formed the basis of articles in the Guardian on 6 and 7 June 2013 and on later dates. On 12 August 2013 the claimant travelled from Rio de Janeiro to Berlin in order to meet Laura Poitras. He was carrying encrypted material derived from the data obtained by Mr Snowden. He was to collect computer drives containing further such material. He was doing it in order to assist in the journalistic activity of Mr Greenwald"

The document that you linked to is the judgement confirming the legality of Miranda's detention at Heathrow. It's not a pierce of legislation; its a judgement. It doesn't compel detention, it just confirms that it was lawful [1].

The judgement was also handled-down six months after the event, so how can you claim that it means the UK authorities had to detain Miranda at the time?

[1] I've already said that I agree that his detention was valid (ie lawful).

Detention was necessary to confirm or deny the reports that David Miranda was in possession of stolen documents pertaining to the National Security of the UK and, if found to be so, relieve those documents from his possession.

Once the classified material had been confirmed, security operators were then legislatively bound to destroy or other render unusable the material in question.

The legislation which required all reasonable and necessary measures are contained within the Official Secrets Act 1989, the National Security Strategy, the Data Protection Act and the Regulation of Investigatory Powers Act 2000 with detailed policy guidance promulgated to intelligence operators via HMG Information Assurance Notes (1/2 (SPF)) and, more importantly, HMG Information Assurance Note 5 and the Joint Services Publication 440 which governs counter-compromise measures.

Ultimate responsibility for HMG security policy lies with the Prime Minister and the Cabinet Office. Departments and Agencies, via their Permanent Secretaries and Chief Executives, must manage their security risks within the parameters set out in the framework, as endorsed by the Official Committee on Security (SO).

All HMG employees (including contractors) have a collective responsibility to ensure that government assets (information, personnel and physical) are protected in a proportionate manner from terrorist attack, and other illegal or malicious activity.

The loss or compromise of such Critically Important Assets would have a severe, widespread impact on a national scale and Departments must work with the National Technical Authorities and the Cabinet Office to ensure they are afforded appropriate levels of protection.

[] [] []

Points to note

a. The judgement was handed down 6 months later in response to the challenge by David Miranda. There was never any doubt that Schedule 7 was applied correctly from the outset apart from by the Guardian, Greenwald and Miranda.

For anyone who is wondering, the article referenced in the post above is well worth a read.

Thank you, I really appreciate that. I attempted to keep the issue as distinct as possible from the actions of Edward Snowden and just focus on that one incident including the reasoning behind it.

You're welcome. It's a great reminder that it's easy to criticise "the machine" from the sidelines, but when you're part of it there are protocols and processes and systems etc that mean there really is no latitude. Also, your point about making judgements while not knowing the whole picture is important and easily overlooked.

>and he was not a journalist.

There's not a license (in freer countries) that you have to have to be a journalist. If someone is acting as a courier between two reporters, or between a reporter and a source, they're certainly acting as a journalist.

There isn't one clear-cut legal definition of a journalist, but it's a topic that has been extensively hashed out in different jurisdictions and contexts. In any given situation the argument over who counts as a journalist will depend on the laws and precedent for that context, almost without regard to the commonsense meaning of the word.

Absolutely not and under UK legislation that was safely put to bed, and rightly so.

That would allow a Foreign Intelligence Agent, Thief or Fence to transit goods between two parties as long as both parties referred to themselves as journalists

Legally absurd.

I would love to see your legal argument that a courier is adopting the professional status of the those who is delivering or receiving from. If FedEx deliver medical records to your house, be sure to ask the courier to perform brain surgery.

For "offensive" read many repeated credible threats of violence, including rape and death threats.

Yes, I understand that. But there have also been people arrested for racist remarks, making fun of a death etc.. Undoubtedly these people are assholes but if we had true freedom of speech they would be allowed to speak. My point wasn't that I disagree with these people being arrested it was that if the op thinks Britain has free speech and the rest of the EU doesn't he/she is delusional.

Yes, correct. It's a big concern. Trivially we all remember the student arrested (though later released) for jovially referring to a policeman's horse as 'gay'. As if calling someone or something 'gay' is an insult! How do they work that out? But away from the EU we can find ways of getting this nonsense out of our system and maybe slowly return to sanity.

Indeed, especially as we're all governed by quite literally the same free speech laws.

I think k-mcgrady is talking about free speech as a concept independent of the legislation. Allowing the law to redefine free speech is a dangerous idea.

Fair point, but two wrongs do not make a right. In this case, Google is right that the ruling amounts to censorship. It's an attack on free speech.

Even worse - it opens the gate to Winston Smith's job.

Data protection legislation is, and always has been, about your ability to control information that's about you. Winston Smith's job was about controlling information that's about other people. Do you really think that's a distinction without a difference?

No. But it sets dangerous precedent about what truth is. And we all know how all of this stuff creeps.

But if a court can mandate something to be forgotten, what prevents the next case of mandating what could be altered.

Does an author have a right his bad books to be forgotten and to claim that he has only bestsellers?

Do I have a right to be forgotten about my previous to last disatrous project and only for the last one that was stellar.

Does Obama have a right healthcare.gov roll out to be forgotten?

Does Bill Clinton and Monica have that right too?

This is rewriting history.

> we all know how all of this stuff creeps.

Implying that there's a slippery slope to get from "I can control a company's use of information that's about me" to Winston Smith's job - controlling information about other people - is like saying that suicide being legal is a slippery slope to murder being legal. After all, it's just a difference between me doing it to myself and me doing it to other people, right?

> But if a court can mandate something to be forgotten, what prevents the next case of mandating what could be altered.

You're forgetting the context of this, which is data protection legislation. The court isn't "mandating something to be forgotten". It's letting someone enforce a right to object to a company processing data relating to them.

Actually, privacy protection is one of few issues in which the EU is on the side of the citizens.

Also, anything critical of the EU will get you downvoted into oblivion on HN.

I sincerely hope that the upcoming EU elections will open people's eyes to the waning support for the EU's faux democracy. (In the Netherlands there is currently a large crowdsourcing initiative being set up to counteract the EU's censorship of the election results. Although most voters are likely to simply boycott these fake elections.)

I don't think they're on the side of the citizens.

Consider that the EU was A-OK with all personal financial data being shipped to the US Treasury department, despite that it clearly violated basically every privacy law on the books.

Now consider that EU countries are all falling over themselves to agree to FATCA, despite that it also violates privacy laws which say banks aren't allowed to send client data abroad. Their "solution" is that instead of banks directly sending data to the USA, first it gets sent to the local government, and then the local government sends it to the USA. See, because governments don't have to follow their own laws. Great, isn't it.

So far the EU's "standing up for the citizen" amounts to selling everyone out to the Americans, and breaking the setting in my browser that says I don't want to be bugged every time a site sets a cookie. They broke my browser! And .... now this. The EU needs to get the hell away from the internet before they screw it up even more ....

You do realize that the EU is becoming steadily more "democratic" and especially this election is an important milestone for this process?

While there certainly is a problem in how democratic the EU is, they are steadily working on solving this problem.

I think the problem is that the democracy is largely symbolic. For example, elected representatives are unable to propose legislation, they are only allowed to approve it. Only the European Commission is able to propose legislation, and that is an undemocratic body -- there are only 24 commissioners who couldn't possibly represent the views of the "electorate" in a fair way. They also have a mandate to act in European interests, which makes it difficult to legislate against further EU expansion and authority. It doesn't really matter that the EU president is a democratic position in these elections, because he or she really has no authority as far as the appointment of the 24 commissioners is concerned.

But the governments appoint the commission. That’s democratic.

It’s one or two steps of indirection (and you could make a decent argument that two steps of indirection are too many), but that doesn’t make it undemocratic.

This indirection isn’t uncommon in democratic systems. For example, the German chancellor is only voted into office indirectly by parliament. She can then appoint any ministers she wants, no confirmation needed by anyone. No one would call Germany undemocratic.

The EU commission just works similarly, only that in its case elected governments are making the appointments, though they have to additionally be confirmed by the EU parliament.

I’m all for structuring it differently, but to call it undemocratic is just wrong. Its structure is in many ways problematic, but that’s nothing that can’t be fixed.

Yes, the parliament should get the right to initiate laws, of course. But your look on this is a bit too weird.

Having 740 million people represented by 24 councillors is not democratic. Even if they are elected in "second order" by our elected politicians, one person could not possibly fairly represent its country's citizens. We already have a first past the post system in the UK, so this is essential the 'squared' form of that. The House of Commons has a mixture of different politicians and parties representing its electorate. The single MEP, however, only represents the majority government so there is no diversity of opinion in the commission. The definition of democracy is representation of the population, not representation of the 51%.

What's the point of having 750 MEPs if they can only approve sanitised legislation?

Giving more powers to the parliament is not very feasible, since all the EU skeptics are against that …

I want it.

What do you mean, censorship of the election results? Genuine question, I haven't heard of this. (Perhaps that's by design.)

I think he's referring to an issue with the European Union laws which state that election results must be held back until all member states have finished voting. However, in the Netherlands, it is law that results must be counted immediately and published as soon as they are counted. So, in the previous election, the vote was technically illegal under Netherland's laws. However, this time around, it seems Netherlands isn't holding a vote until the last day of voting.

Who is 'they' that you are referring to?

British politicians.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact