Even if this legistlation gets passed ...
I suspect that Google will forget to forget.
I suspect that Google will forget to forget.
When you sign up to these services, you get the full "your data is important to us, we will never share it except with carefully vetted partners and in specific instances" etc.
Then when taken to task by the EU we get "when deleting data placed on a third party that has very little control of what's been done with that data"
So which is it? Your data is safe with us, or we have very little control over what is done with it?
Just the parts "relax" and "require best effort" are enough to tell you that they've already stopped making a serious effort. They've pushed a comprehensive attempt at forcing an update of our privacy laws for the internet age into the future again. "Let the next batch of commissioners try."
Some day you're going to have to get serious, folks, and in the process really twist the knife in Google's flesh. There is absolutely no avoiding it.
and The Pet Shop Boys
They horde everything forever, they can delete it if they really want to. They don't really want to.
Well put, Sir.
If the principle in law is that you can't subcontract away your responsibility, then 3rd parties are a legal minefield for large companies. What they look for is a clear way of demonstrating that they've done all they need to do.
Imagine you have an employee who leaves and asks for everything associated with them to be deleted...
You really need to stop using analogies because you are obviously not too good at it...
"Imagine you have an employee who leaves and asks for everything associated with them to be deleted..."
Except I don't put it out on the internet and I WAS PAYING HIM to work for me and I DID NOT collect his/her PERSONAL information...
...so in short I'd say your example is pretty much irrelevant in this topic.
I hope the original comment was meant to be sarcastic.
SHOUTING AT THE COMPUTER isn't a job, but every job I've had involved communication, often using internet technologies, like email, websites, forums, blogs and even shared calendars.
It is practically impossible to have a modern professional life without leaving little traces all over the place.
Who's responsibility is it to track down and remove them all if I change my mind about participating in society?
"Rosa Barcelo, a privacy and data protection specialist working for the Commission [...] pointed out that Reding's plans had already been relaxed from a "full obligation" on the part of an individual business and its handling of user data to a "best effort" requirement."
They are a government ffs! Either pass a law or get off the pot. And wtf is a "best effort"? How does a court decide if an effort has been "only hafl-hearted" or that is was a bona fide "best effort" in a situation where "real results" were maybe not possible and therefore the effort only *seems* to be a sort of "apathetic effort whose only purpose was to avoid complying with standards that could have been achieved if sufficient effort was made but since it was inconvenient to make the effort and since compliance was not actually required thanks to the 'best effort' standard, they really didn't bother".
Well, I guess a couple billions in fines would be of tremendous help here.
...and I blame the CEO: ever since that rollerskating dork replaced Schmidt a year ago almost to date Google is falling from grace faster than ever, becoming more and more evil. It's ironic that this period correlated with almost 8% *loss* (YTY) when it comes to GOOG performance under CEO Page... how about bringing Schmidt back, Larry? :P
Yes, everybody deserves the right to be forgotten, yes and it actually goes without saying if you really believe in information privacy and ownership, Mr Page.
Google are now stamping their little feet saying they can't comply with the Law.
If they were a Bank and behaved like that, then the Regulators would shut them down.
Obey the Law or suffer the consequences.
No they would give them (another) bag of money.
"He reckoned that a standardised assessment was simplistic and warned there was a "risk of slowing down products to market.""
Google et. al. are selling the "Ability to be heard" and must accept "Right to be Forgotten" as a cost of doing business. I have zero tolerance for predictable, irreparable harm without recourse.
The standard is not a "useful" product or speed to market. Thalidomide is a useful drug which does irreparable harm if misused. Let us not make the same mistake again.
I wasn't sure if this was just a bit of pointless Eu bureaucracy or another law by lawmakers who don't understand technology.
But as soon as Google rushes out to say that the privacy rules are unworkable - I know the law must be effective. It's like you can't go wrong by automatically opposing anything the Daily Mail supports
Summary: bitch, moan, whine, whine.
...how when the first article about Right To Forget was posted, everyone tore it to shreds - unworkable, can of worms, ridiculous, lawmakers are insane, etc etc.
Then, when Google agrees with them, everyone says, Arrrgh, Google are evil bastards who want to steal your data! They only want to oppose this lovely bill because they want your social security number and to know whether you sleep on your side or on your back!
So how exactly do I tell Google to forget me?
Do I write Google, telling them "My name is XXX and these are my emails [emails], these are my webpages [urls] - please ensure that your company forgets them!"?
You (as in Google, etc) design a system where all collected data is automatically deleted after, say, 6 months UNLESS someone (aka the associated ID, etc) repeatedly agrees to the retention.
If you stop agreeing, change identity, or die, etc, then after a short time your history is removed apart from stuff you explicitly handed to trusted friends.
They probably already do this. The advertising value of what new phone model you were Googling 6months ago is pretty low.
Google make more money by ensuring that they only sell data about you that is new.
It's only governments that are interested in what you where reading years ago.
Reading this section of the proposal.
If I wrote a comment on here, which happens from time to time, and I then asked El'Reg to forget it, it sounds like they'd need to contact everyone who'd ever read the comment and ask them to forget it too. That is daft.
So I ask for my stupid comment to be forgotten. Now what happens if someone has decided to reply to my comment. Perhaps they choose to quote some of one of my diatribes. Does this proposal mean that the quote should be removed from this secondary posting?
Would it then make this second posting nonsensical? Would it then perhaps make the commentator look bad? What happens to the effort that this second poster has made to refute my initial arguments?
What about a long discussion, should all of it be discarded if one person wants their meagre contribution erased. Surely this would then lead to a method to suppress discussions you didn't agree with.
I for one totally fail to see how this should work in practice.
That is before you get to the total impossibility of asking a real flesh and blood person to forget something, such requests are more likely to result in things being recalled.
... an app for that. Just survey forgettable apps and you know it's prior art.
From inside a jail cell.
...bloody Android. When I turn on my GPS, I have to agree to 'Will send anonymous data, data charges may apply."
Not to mention, as a friendly feature, my phone shared my WiFi password with Mountain View by default. What the f....??????
REALLY, THIS SHIT HAS TO STOP.
How hard is it to legislate that all the social sharing features are okay, when they are OPT-IN (and without penalty if you don't).
[it is a Sony Ericsson Xperia Mini Pro, using it right now to write this, cute little thing!]
That's not android doing that, more likely a carrier thing - I can uncheck that GPS option on my unbranded SGSII (and did in my old SGS as well). Flashing to unbranded firmware *may* do the trick.
If reflashing firmware doesn't work/isn't an option I suggest Better Privacy or Droidwall (both free as in beer apps) which can specifically block any app, including GPS, from accessing data.
Two area's that stick out too me are:
1) Backup's - whilst offline, they still hold data - this effects that in that if a user says delete all this info then does somebody have to go redo the backup's and sort the old ones. Some leeway on retention of old data on backups is needed.
2) Legal conflicts (the accountancy fragmentation theory :)- So many data retention laws etc that can and could make the legal aspects of deleteing the data a somewhat grey area. Imagine an accountant balanceing the books with pages missing; Now think of how Police will investigate crimes.
As for backup's - a good backup policey and security policey that already handles old data tapes so that no old data leaks out beyond the backup cycle - including offsite backups at the DR site.
Now as for the right to delete stuff, the only sain way to realy handle this is for the data to be deleted to be encrypted with a key of the users providing - usual private/public key shinanigan's. This for all effect delete's the data for use, yet still leaves it there in a state that can be recovered by the user and indeed any legal needs which would then be firmly placing the control of that user content firmly in the users lap.
So in general, nice sentiment, but flawed, though can be fixed - that included protecting users from themselfs - public enemy #1 in anybodies life, apart from that the flaws leave the companies that have to implement this vulnerable to breaking it by design and how backups work.
Lets face it though, if you analy audit any company under current laws you can usualy find them at fault, take DPA.
Only people who gain from these badly thought out law's are the lawyers, which is good for local countries TAX income.
As it stands in legal terms, the backups are a huge loophole that lets Google do whatever it wants with data. They don't have to be deleted by a certain time. There is also nothing in the contracts that says "backups have to be offline"; they can be online and actively being analysed, just to get around other data protection rules. There can be backups of the backups of the backups of the backups.
So any Right to Forget worthy of that name would have to include forcing a thorough deletion of the backups, period.
Thank you Sir, thats kinda the whole mess I thought it was. Guess IT Law is alot like TAX Law; Always a loophole somewere or another.
If this fairly odd piece of law has actually been quietly lobbied into place by celebs who're worried about their 'off brand' activites getting published?
Mind you there's many 'celebs' who really should be forgotten forever, most of them participate in 'reality tv'...
"has actually been quietly lobbied into place by celebs who're worried about their 'off brand' activites getting published?"
I think this covers information you give sites on your own in the course of some relationship between you - a credit card number, pictures on your facebook account, etc. If you grant a member of the press an interview, they're not going to be required to redact all copies of a newspaper a year from now; the interview itself isn't 'yours' to request to be deleted.
It would be not only absurd for legislation to require the removal of every last shred of information about someone anywhere on the web, but blatantly illegal (at least in the US). And journalism specifically has a long history of protection in areas like this; otherwise anyone who had an article written about them could demand that it be retracted for any reason.
Since most journalism ends up being about people, it would give a newspaper's subjects veto power over publication - which would naturally make exposes or, really, any kind of investigative reporting, history.
I don't think it does that. And if it does, would, at least in the US, last about two minutes in court. I would assume that the EU protection for free speech would cover it. You know, the one that ensures you can buy Nazi memorabilia, show videos of people being made fun of in Italy, play video games about WWII in Germany, say that Armenians weren't genocide victims in France... oh, to hell with it, never mind. Maybe you could try the Australian version of free speech, where... .. ..