Europe’s highest court issued two huge rulings on Sept. 25 regarding the implementation of the EU’s “Right to Be Forgotten.” Both decisions involve a long-standing dispute between Google and France’s data authority, the Commission Nationale de l’Informatique et des Libertés (CNIL); both have considerable implications for the cross-border regulation of the internet.
Latest in Right to be Forgotten
In May 2014, the Court of Justice of the European Union (CJEU) ruled that search engine operators in the EU are responsible for handling individuals’ requests to remove links to personal information that appear in search engine results.
Last week, Google announced it was appealing the French data authority’s decision to fine Google for refusing to delete links globally. With the right to be forgotten (RTBF) debate thus back in the news, this post takes the opportunity to map the lay of the land to date.
The Extraterritoriality Dispute
It’s an extended news roundup with plenty of debate between me and Nuala O’Connor, the President and CEO of the Center for Democracy and Technology (CDT). We debate whether and how CDT should pay more attention to Chinese technology abuses and examine the EU ministers’ long list of privacy measures to be rolled back and security measures to be beefed up in the wake of the Brussels and Paris Daesh attacks.
What kind of internet world order does China want, and will it succeed? That’s the question we ask Adam Segal, Maurice R. Greenberg Senior Fellow at the Council on Foreign Relation and author of The Hacked World Order.
What is the most surprising discovery a law firm partner makes when he jumps to the National Security Agency? I direct that and other questions at Glenn Gerstell, who has just finished six months in the job as General Counsel at the National Security Agency.
According to a European Commission fact sheet on the Right to Be Forgotten, “individuals have the right - under certain conditions - to ask search engines to remove links with personal information about them.” Since this right apparently does not require deletion from the World Wide Web of that information itself, there seems to be a business model in this rule for some enterprising party.
Where the hell are the FTC, Silicon Valley, and CDT when human rights and privacy are on the line? If the United States announced that it had been installing malware on 2% of all the laptops that crossed US borders, the lawsuits would be flying thick and fast, and every company in Silicon Valley would be rolling out technical measures to defeat the intrusion. But when China injects malware into 2% of all the computers whose queries cross into Chinese territory, no one says boo.
Steptoe Cyberlaw Podcast, Episode #83: An Interview with Bruce Schneier at "Privacy. Security. Risk. 2015"
Bruce Schneier joins Stewart Baker and Alan Cohn for an episode recorded live in front of an audience of security and privacy professionals. Appearing at the conference Privacy. Security. Risk.