Assorted Stuff

wasting bandwidth since 1999

Tag: europe (Page 1 of 2)

Mining Data (Non-Intrusively)

January 22, 2020 / 0 Comments

Related to the previous post, one way I follow news around the right to be forgotten, and the larger topic of data privacy, is using Google news alerts. Not a great research system, instead a little like mining for gold: most days they deliver a whole lot of dirt, mostly from obscure sites.

Then there are the little nuggets that occasionally show up.

Like this press release from a UK start up that promises to “give people back ownership of their personal data online”.

Ok, tell me more.
Continue reading

Do You Really Have a Right to be “Forgotten”?

January 20, 2020 / 0 Comments

8d08930r

One “tech” story that seemed to be missing from most of those decade-in-review pieces is that of the “right to be forgotten”. Although this issue is really more about privacy and use of personal data, it’s more relevant to tech than stuff like Amazon extorting local communities in their “search” for a new headquarters.

The concept first jumped on the radar for most people in 2014 when the European Court of Justice ruled that EU citizens had a right to ask search engines to remove “inadequate, irrelevant or no longer relevant” information from their results.1 I first began following this issue around that time and, as you might expect, nothing about this decision turned out to be that simple.

Continue reading

The European Approach to Protecting Your Data

February 25, 2018 / 0 Comments

Almost four years ago, the highest court in the European Union (EU)1 ruled that citizens of member countries had a “right to be forgotten”. Of course, that ruling left some holes and more than a few questions. But it did trigger some increasingly public conversations around the general topic of privacy and personal data.

That discussion, paired with some massive data breeches at high profile companies, led the EU Parliament to create a new set of laws2 dealing with data security and privacy. Those rules, the General Data Protection Regulations (GDPR), will become effective in the EU beginning in May.

In general, the GDPR sets strict guidelines for the kind of data that can be collected from individuals by companies and organizations, and how that data can be used. That data includes anything that can be used to specifically identify a person (including social media posts, location info, photographs, etc.), as well as not so obviously personal information like race, religion, and politics.

GDPR also requires companies to obtain more specific consent from the user as well as explaining more clearly how their data will be used. Specifically excluded is vague language like “Improving users’ experience”, “marketing purposes”, or “future research”. Companies must also make it easy for users to withdraw their consent and are then required to delete the material they’ve collected. 

So what has any of this got to do with those of us not living in Europe? Plenty.

While the regulations are specific to the member countries of the EU, most of what I’ve read about them suggest that all of us in the US, and elsewhere in the world, will likely be affected by them.

The law applies to any company or organization that does business in the EU member countries and collects personal data from their citizens. That includes many based in the US, familiar names like Facebook, Google, Microsoft, Apple, and more. Since most multinational corporations shuffle information around the world, it’s very likely that they will need to adapt their data handling practices everywhere, not just in Europe.

Plus the law also also provides for some pretty hefty penalties for misusing or failure to secure the data, including fines of up to €20 million or 4% of “global turnover”, whichever is larger. To put that in some perspective €20m (about $24m US at the moment) is pocket change for Facebook. 4% of their total income is not.

I know, all of this is pretty geeky stuff.

However, it’s also important if you’re concerned about the data most companies are already collecting about you and others. If you’re interested in more details of the GDPR in basic, non-legal language, check out this rough guide to GDPR and/or this short summary directed at US corporations.

Of course, the EU laws are not perfect. There will likely be much confusion when they take effect, and when the first law suits follow not long after. It will be interesting to see whether the big data collectors will be forced to change their behavior. Or will they just find new ways to continue their current practices? After all, our information is the foundation of their massive profits.

Beyond that, there’s also the larger question of whether the US should implement similar laws? It’s not likely to happen in this political climate, with political “leaders” who claim that the “free market” will protect us all. But maybe some outside pressure on US-based companies may effect some need change.

The map is from the BBC, showing the current configuration of the European Union. Of course, their home country, the United Kingdom, is in the process of a very contentious “Brexit” from the EU, so that map could change in 2019. In more than one way if the people of Scotland and Northern Ireland make some hard decisions.

1. Very tangential side note: I love that the official anthem of the EU is based on Beethoven’s “Ode to Joy”. Certainly more uplifting music than the militaristic tones of most national anthems.

2. In some of what I’ve read, experts says that GDPR isn’t so much “new” law as it is a clarification of many different data and privacy regulations that are already on the books, combined with court rulings. Either way, GDPR is likely going to change the way companies do business in the EU, and possibly elsewhere.

The Right to Censor

May 27, 2016 / 2 Comments

Two years ago this month, the highest court in the European Union declared all of their citizens had a “right to be forgotten”. Specifically, the justices said anyone could request that Google (and other search engines) remove from their results links to information about themselves that was out of date or in other ways irrelevant.

In the time since, the ruling has raised many questions about the concept, and created many more problems than it has solved.

Starting with the fact the court handed Google a great deal of power in determining what information should be “forgotten”. This at the same time the European Union is very concerned about the amount of data being collected by many large, multi-national corporations like Google, as well as where it’s being kept.

Then there’s the confusion over the requests themselves and what happens to the information. Completing the online form doesn’t automatically lead to removing a link. According to a recent report “Google refuses roughly 70 percent to 75 percent of requests”, with the top two reasons being the information concerns the professional activity of the requester or the fact that they “are at the origin of this content”. They also get a lot of compaints from people outside the EU who don’t understand why they can’t play in this game.

Plus, the information “removed” is still stored somewhere on the web. Deleting articles from search results has pissed off European news organizations, some of which now maintain lists of their forgotten links. Is Google now obligated to remove results that bring up those pages? Or to stories about links that have been removed? TechDirt, a Silicon Valley news site that deals in technology and government policy, has been playing with these questions and more by regularly posting on the right to be forgotten with links to “disappeared” stories included, to observe how quickly they are removed.

As amusing as some of the stories related to “right to be forgotten” are, there is a really scary aspect to all this. This is all part of a concerted, sometimes aggressive effort by governments all over the world to control the flow of information.

And not just in their countries. France, for example, has told Google they must “respect French “right to be forgotten” rulings worldwide”. The company is pushing back (for now) but the world is full of disreputable government officials who would like the power to disappear more than just embarrassing information.

Anyway, this issue of censoring digital information is just getting started. In terms of all of recorded history, the internet is a very new communications medium, and very much unlike other undemocratic, more easily controlled channels. It will be interesting to watch just how badly governments and large corporations can screw up the web and the creative new ways of circumventing the blocks people will develop.

For now, happy second anniversary to the “right to be forgotten”, although I’m not sure anyone interested in an open web should be celebrating.

Forgetting History

December 18, 2015 / 1 Comment

In May of 2014 the European Court of Justice, which is roughly the equivalent of a supreme court for the countries of the European Union, decided that their privacy laws provided citizens with a new right: the right to be forgotten.

Specifically, the court ordered Google to remove from search results that are “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed and in the light of the time that has elapsed” in European countries. The order was later extended to include Bing and other search engines.

It’s been interesting to watch the whole “right to be forgotten” story unfold. Now, a year and a half later, there are still far more questions than answers about this concept and how it is applied, not only in Europe but world wide. Questions that include:

Why didn’t the court require that the original material be taken down? From what I’ve read it’s because the justices felt existing libel and slander laws (which are much tougher in the EU than the US) covered that territory so this ruling applies only to search engine listings. Think of it as removing the card from the library catalog but leaving the offending book on the shelf (an analogy for all of us who remember “card” catalogs :-)

Who decides what’s “inadequate, irrelevant or no longer relevant”? Good question about very vague criteria. Turns out the court left that up to Google and the other search providers to determine. Anyone in the affected European Union countries can submit a request and then… someone at Google decides. And they have received a lot of requests.

Since the policy was put into place last May, Google reports that it’s received 348,085 total requests to remove links, covering a total of 1,234,092 URLs. Around 42 percent of the links (excluding cases that are still pending) ended up being removed.

Are stories written about the “right to be forgotten” process, ones that include links to material removed from search results, also required to be removed? Evidentally, yes. At least according to the UK “data protection watchdog.” A news site called Tech Dirt has been testing the process by writing a new post linking back to their removed posts every time they are notified of the removal. So far, they seem to be winning and many of the more traditional news outlets are posting their own lists of “forgotten” articles.

Does the “right to be forgotten” extend outside the European Union? Well, it seems the French government thinks it should. Last summer they ordered that the concept be applied everywhere in the world Google did business, with threats of heavy fines for non-compliance. Needless to say that didn’t go over well outside of France and, as far as I can determine, Google has not complied with the order.

There are, of course, many more questions about a “right to be forgotten”, along with the broader topic of privacy in a digital age, with very little that will be settled soon.

However, it’s a very interesting subject, one that anyone who lives and works on the web should be paying attention to. More ranting to come in this little corner very soon. You have been warned. :-)

« Older posts

© 2023 Assorted Stuff

Theme by Anders NorenUp ↑