Really weird dichotomies they're drawing. Clearly the intent behind the right to be forgotten is to be removed from whatever indexing Google does to display results regardless of where the query comes from. Trying to map national boundaries over data is why this person is having such a hard time trying to make a convincing case.
Data does not care about countries and national boundaries since clearly the google servers doing the indexing could be in space. In which case would they be allowed to not comply with any requests by people to be removed from their indices? Or would they be compliant depending on which continent the servers happened to be over at the time? Bordered data is an absurd concept and this person is being very disingenuous by framing the argument in those terms.
They don't need to restrict access by Google search domain. They can do it by search IP geolocation. Thus, if you're in France, you won't see the result from any Google site, but if you're in Germany, you will see it on all Google search sites.
I agree with them that worldwide banning is troubling, especially if there is open door for any country to ban anything from any other country.
Let's not forget that deleting something from Google doesn't delete it from human memory, the source website or mirrors it might have, and from other search engines. What gets on the internet tends to be resilient to deletion. Google can only do so much and they didn't write the content in the first place. They are just infrastructure.
I'm saying the concept itself is absurd to begin with. Is all French data kept on French servers? Obviously not. Whatever infrastructure google uses to power their data layer is replicated across continents. So when a French citizen says "Remove me from all your indices because my government gives me that right" google is not allowed to insert some extra phrases in there like "only if the person requesting that data is also French or is asking for the data from servers located in France".
Even if we assume that somehow all French data happened to be located on servers in France then complying with those requests would mean purging the data except it is obvious they are not doing that if a person from another country can access the data. So however you slice it google is either non-compliant or is purposefully misunderstanding what it means "to be forgotten" from their indices.
Is France the only country that gets this power? What happens when China demands the removal of Tiananmen Square wikipedia article in the name of unity? Or when the UK requests the removal of the Vietnamese napalm girl in the name of decency? Do we just keep taking down results until we're left only with things that no country objects to?
I think you may misunderstand what the right to be forgotten usually refers to. It's not about a user's "data" such as emails or online comments; it's usually about news articles that mention a person.
Surely you would agree that no matter what French law is, there is no way a French judge should be able to force, say, an American company to not display links to American websites (which happen to mention a French person) for American users?
(disclosure: I work for Google, but not on anything related to RTBF, and my views are my own)
The newspaper who wrote an article about the Frenchman has a right to display that article to people outside of France and has a right to have search engines index the article to drive traffic to its website.
The Internet user outside of France has a right to read something critical of the Frenchman to decide whether to do business with him on that basis and has a right to find that information using a search engine.
Right. And what happens when an Internet user in France opens a VPN connection that has an endpoint outside of France, and accesses information that the French government doesn't wish him to see?
You can prosecute the Internet user, of course. That's what happens in China, for instance.
You can try to detect VPNs and make it a crime to even try to create such a VPN. That's also what happens in authoritarian countries.
But is that the right way for France or other EU countries to go? No.
If you think bordered countries make sense, then bordered data should make sense, right? Can't we trace packets back to a physical emitter?
I don't think this is a non-issue at all. If we replace "data" with "nukes", it's obvious that borders matter. Neither nukes nor data care about borders, but people do.
I think the last sentence sums it up really well:
"...should the balance between the right to free expression and the right to privacy be struck by each country—based on its culture, its traditions, its courts—or should one view apply for all?
Google is mis-directing here. It is obvious what I mean when I say "Delete me from all your servers". I don't care what country those servers are in. This is not a freedom of expression vs privacy issue. This is people being in charge of their behavioral and historical data that google has locked up in their data silos. Framing it otherwise is disingenuous. I'm still free to express myself however I want on whatever forums I choose. Whether google gets to freely index and profit from it is the real question except their lawyers are trying to make it sound like they're champions of freedom of expression.
It's obvious what you mean, but it's not obvious how or why an EU law means Google has to change data in their datacenters in the USA for someone searching from Brazil.
What if Australia ruled that Google must keep all data on all people worldwide and forbid deletions. Should that override all other country laws? If not, why should the EU law affect other countries?
> This is people being in charge of their behavioral and historical data that google has locked up in their data silos.
It's not "their" data. People clicked "I agree", and it's someone else's data now. People aren't in charge of it, they never have been.
It's obvious what you mean, but it's not obvious how or why an EU law means Google has to change data in their datacenters in the USA for someone searching from Brazil.
It is very simple. A country (or union) can require businesses that operate in their country to fulfill a set of rules. One of the rules could be that it should be possible for any user of the service to remove their data.
Although a country cannot enforce these rules globally in the strict sense, it can forbid the company to operate in that country until it operates within the boundaries of the law. Some companies will relent to get access to that market.
(Whether this is a good idea is another question.)
Yes, and France runs the risk of Google saying "well, FU France" and closing its offices and presence there. If they try to enforce at the EU level, same thing.
"Pulling out" of the EU means closing a few small offices (except for Dublin). It has no significant staff presence outside of Ireland in the EU once the UK leaves - the offices in France and Germany are really small.
If Google decides to start moving staff out of Dublin, the EU would lose its last leverage over it.
The EU could then do a China and attempt to force ISPs to block Google services at the network level. Given how much the web relies on Google servers, that would break the EU internet. The EU is struggling already, there's no way they're going to shoot themselves in the head economically like that.
"it can forbid the company to operate in that country "
What does that even mean on the internet?
IE what do you expect them to do, and why is it the company's' problem?
Do you really believe if Google, Facebook, whoever, was to close up all their physical shop in say, France, and take no affirmative steps to "operate a business" there (IE they don't try to explicitly block folks, but tell them not to do it and don't do it themselves) France would declare whatever they want to do okay?
Of course not.
It's pretty irrelevant where they do business, examples abound of countries where none of these companies have explicit presences trying to regulate them. None of this would be any different if they were entirely located, and declared all profit, inside, say, the US. The argument would be slightly more tortured, but the EU/etc would make it and do everything they could to hold these companies to it.
(and you don't want to try the "they operate a business wherever they earn profit", as this is even more fuzzy, as opinions differ on what profit is earned where, even if you ignore the tax issues. In fact, you can already see the countries don't want to make that argument because they don't like the answers it gives!).
Since Google is pretty polarizing, let's take HN instead.
Imagine someone in France files a RTBF request against HN for continuing to index an HN story about a crime they "paid their time for".
HN has no presence in France (i think! :P). Do you really believe France is going to say "yeah, you are right, do whatever you want"? That seems ... really really unlikely.
It's also pretty clearly not HN's job to say, try to deliberately exclude french citizens from participating.
So what do you want them to do, exactly?
They are kind of screwed no matter what they do[1]
The truth is, this is the problem with international legal jurisdiction in the internet world.
All countries/unions/what have you want their jurisdiction to be as expansive as possible. Historically, these jurisdiction were limited by physical borders, military might/willpower or allied treaties.
But they all (US included) see ways to expand their jurisdiction when it comes to internet companies, as their digital footprints are often much larger than their physical ones.
So, as expected, they all try to claim it, because it is to their political/legal/social/trade advantage to do so. If they don't, nobody will ever care about them at all. IE If i can easily make globally successful companies that doesn't have to care about EU law, but still derives benefit from EU citizens voluntary using it, why would any company want to care about the EU?
This is why it does not matter where they "operate a business" or any other metric you can come up with. The metric is really "able to be successful and used by citizens of X without really being subject to the direct legal jurisdiction of X". Any time this happens, X will claim, through whatever argument they can, that the company is subject to their legal jurisdiction/regulations. Because if what they really cared about was anything else, these countries, like China, would just block the website/story/whatever inside their borders! They certainly have such power. Instead, they want the foreign website to recognize and submit to their authority, so that the country/union/etc stays relevant.
It's really not about anything else, and for pretty much all of these companies, there is no real way out.
[1] This is usually the point where the argument devolves into extremism, and people suggest that if these companies simply collected no data, they would never have problems. This is, IMHO, pretty naive as well, as they have the same problems above whether they are being asked to remove data, or keep it, or what have you. The data issue is just one that happens to involve something people seem passionate about, but it is far from the only issue that arises. This is about the joy of legal jurisdiction in a world without borders. It applies equally well to things vastly unrelated to issues like RTBF.
> What if Australia ruled that Google must keep all data on all people worldwide and forbid deletions. Should that override all other country laws? If not, why should the EU law affect other countries?
This is already the current situation and it's a mess.
Countries have laws to force removal of personal information if the user requests it. Other countries have laws to force the company to keep user information for X years.
It's a total mess. Just f* the law and pretend that everything is alright when you do the certifications :D
Great point about the other side of the coin about retention policies. The bottom line is that neither retention nor deletion is currently possible. Isn't that really the issue? If Australia wanted to retain whatever data google had then surely some kind of export functionality would be the answer for that use case. If google's retention policies were by some miracle something like 1 year instead of forever that is.
> This is people being in charge of their behavioral and historical data that google has locked up in their data silos.
Why are you using intentionally strongly connoted language like "be in charge", "locked up", and "silo"? A more accurate version of this statement is "This is people wanting to make someone else delete data that they have on their servers." You're also presuming that someone "owns" any and all data that pertains to them.
Effectively legal? It is legal. I can privately crawl the web for all references to "John Doe", "johndoe.com", "/u/johndoe28", etc, and save them, because it's all content that John Doe chose to make publically available, whether on his own website or on forum posts or Facebook or what.
There's probably some point at which the ways I use that data can be classified as stalking or harassment, but simply collecting it is allowed.
There are far more sources of information than what John Doe explicitly puts out there. Those are probably the least of his worries.
What about the embarrassing things other people post about John Doe? What if this harms his ability to provide for his family?
What about things fabricated by others to silence or overtake John Doe?
edit: (adding the point below)
Just because it's legal to collect, manipulate, and profit from this mass of information 'somewhere' doesn't mean that concerned groups of people shouldn't try to make that process harder or impossible.
> What about the embarrassing things other people post about John Doe?
Is "John Doe" a politician trying to suppress public discourse about a scandal?
If you do something embarrassing, and people are talking about it, it is absolutely immoral to use government force to prevent people from disseminating information about it.
> What if this harms his ability to provide for his family?
Of course, think of the children. We must suppress any information that could negatively affect a hypothetical child!
What Google does is not "surveillance", it's collation of public data (or data that you agreed to give to google via one of its private services, like gmail). What the NSA does is surveillance, which is collection of private data without consent.
> what kind of world does that lead to?
A world where public discourse is more conveniently indexed? Be explicit with your concerns.
I think your version of the intent is correct but the post by the author makes it sound like google here is a champion of something virtuous when in reality they're just protecting their own business interests. If google was a publicly funded operation and their indexing/search algorithms were in the public domain then they might be able to make a convincing case but as it is there is clearly misdirection going on here.
From where I stand they are trying to take advantage of the murky definitions around data retention and various policies applicable to personally identifiable information to side-step certain restrictions in various countries that have much stronger policies around use cases of such data.
> Can't we trace packets back to a physical emitter?
No. Not really sure what else to say; this just isn't the case. Even without any sort of advanced privacy tech like tor, you still can't assume you can geolocate the source of a packet.
Packets are physical objects. You can theoretically trace light back to a source source by measuring its amplitude at various points.
All the government has to do is "own" the physical components involved in wireless transmission, and prohibit people from using their own tools. Does anyone doubt they are capable of pulling this kind of shit if they had enough money and the right scare? I mean isn't North Korea already doing this?
>Can't we trace packets back to a physical emitter?
Most data on the web is sent through so many servers and cached and archived in so many places around the world that it makes no sense trying to tie it to a single locality.
"Most drugs are traded between so many people and stored in so many homes around the world that it makes no sense trying to tie them back to a single locality".
That's true, but that never stopped governments from regulating and controlling them and shutting down big drug operations. I don't see why they wouldn't attempt to do the same with "illegal" data (even if data is orders of magnitude less traceable).
I'm afraid that the mere fact that all data has a physical starting point is enough for governments to try and claim jurisdiction.
Most people seem to be fine with schedule I drug prohibition. Then again, data is the one drug that we're all addicted to.
> I don't see why they wouldn't attempt to do the same with "illegal" data (even if data is orders of magnitude less traceable).
They do. Warez/Pedophilia/Drugs/Exploit sites are regularly shutdown and seized by the police.
It's just not possible for Google/Amazon/Facebook. The police ain't gonna go there, seize the datacenters, in a simultaneous operations where they arrest and charge the 1000 people at their national HQ office at the same time.
Data does not care about countries and national boundaries since clearly the google servers doing the indexing could be in space. In which case would they be allowed to not comply with any requests by people to be removed from their indices? Or would they be compliant depending on which continent the servers happened to be over at the time? Bordered data is an absurd concept and this person is being very disingenuous by framing the argument in those terms.