A House of Lords sub-committee has called the ‘right to be forgotten’ ruling misguided in principle and unworkable in practice.
The EU Home Affairs, Health and Education sub-committee of the House of Lords made this statement in its report, which examined the recent ruling made by the Court of Justice of the European Union (CJEU).
According to the sub-committee’s report ‘EU Data Protection law: a ‘right to be forgotten’?’, the ‘right to be forgotten’ is an EU right derived from the 1995 Data Protection Directive (DPD), which was given effect in the UK under the Data Protection Act 1998 (DPA). This is the year that Google was founded, three years after the DPD.
In the 20 years since the negotiation of the DPD, technology, in terms of collection, storing and availability of data, has evolved beyond recognition. In need of radical revision, the European Commission (EC) put forward proposals for a new data protection package in January 2012, which was sent to the sub-committee for examination.
However, it is the 1995 DPD that the CJEU has based its 13 May 2014 ruling in favour of the ‘right to be forgotten’ on, says the sub-committee.
After having heard evidence from data protection experts, the Information Commissioner’s Office, the Minister for Justice and Civil Liberties, Simon Hughes, and Google itself, the sub-committee is recommending that the UK Government continue to fight to ensure that the updated Regulation does not include any provision on the lines of the EC’s ‘right to be forgotten’ or the European Parliament’s ‘right to erasure’.
Chairman of the EU Home Affairs, Health and Education sub-committee, Baroness Prashar, said: ‘We believe that the judgment of the [CJEU] is unworkable. It does not take into account the effect the ruling will have on smaller search engines which, unlike Google, are unlikely to have the resources to process the thousands of removal requests they are likely to receive.
‘It is also wrong in principle to leave search engines themselves the task of deciding whether to delete information or not, based on vague, ambiguous and unhelpful criteria. We heard from witnesses how uncomfortable they are with the idea of a commercial company sitting in judgment on issues like that.’
In a recent letter to the Article 29 Working Party (which is made up of a representative from the data protection authority of each EU Member State, the European Data Protection Supervisor and the EC), signed by Google’s Global Privacy Officer Peter Fleischer, the tech giant revealed that as of 18 July 2014, it had received more than 91,000 removal requests involving more than 328,000 URLs.