EU Plays What-a-Mole with URLs (RTBF)

Researchers Uncover a Flaw in Europe’s Tough Privacy Rules by Mark Scott.

From the post:

Europe likes to think it leads the world in protecting people’s privacy, and that is particularly true for the region’s so-called right to be forgotten. That legal right allows people connected to the Continent to ask the likes of Google to remove links about themselves from online search results, under certain conditions.

Yet that right — one of the world’s most widespread efforts to protect people’s privacy online — may not be as effective as many European policy makers think, according to new research by computer scientists based, in part, at New York University.

The academic team, which also included experts from the Federal University of Minas Gerais in Brazil, said that in roughly a third of the cases examined, the researchers were able to discover the names of people who had asked for links to be removed. Those results, based on the researchers’ use of basic coding, came despite the individuals’ expressed efforts to remove their names from online searches.

The findings, which had not previously been made public and will be presented at an academic conference next month, raise questions about how successful Europe’s “right to be forgotten” can be if people’s identities can still be found with just a few clicks of a mouse. The paper says such breaches may undermine “the spirit” of the legal ruling.

From the positive conclusions on the Right to Be Forgotten (RTBF) by the paper authors:


We end this paper with a few opinions and recommendations based on the results and observations of this paper. After having studied RTBF and its consequences from a data perspective, the authors feel that RTBF has been largely working and responding to legitimate privacy concerns of many Europeans. We feel that Google’s process for determining which links should be delisted seems fair and reasonable. We feel that Google is being fairly transparent about how it processes RTBF requests [13]. Other academics have called more transparency [12]. However, by being more specific about how delisting decisions are made, it may become easier for the attacker to rediscover delisted URLs and the corresponding requesters.

I have to conclude they are collectively innocent of reading George Orwell’s 1984.

-if all records told the same tale — then the lie passed into history and became truth. ‘Who controls the past,’ ran the Party slogan, ‘controls the future: who controls the present controls the past.’ (George Orwell, 1984, Part 1, Chapter 2)

The paper does expose the EU efforts to control the past are akin to playing whack-a-mole:

with URLs.

Except that unlike the video, the EU doesn’t play very well.

As the paper outlines in some detail, delisting isn’t the same thing as making all records tell the same tale.

No only can you discover the “delisted,” you can often find evidence of who requested the “delisting.”

If “delisting” at Google becomes commonplace it will create opportunities for new web services. A web service that accepts URLs and passes through the content, annotated with Google Delisted Content – Suspected Delister: (delister’s name and current twitter handle).

1984 did not end well.

For a different (not necessarily better) outcome, resist all attempts to control the past, or to at least make it harder to discover.

Comments are closed.