Google‘s chief privacy officer has stated that the law should target websites that host material rather than search engines that make it simple to discover. This comes as Australia is considering the “right to be forgotten.”
Following significant data breaches at Latitude, Medibank, and Optus, Keith Enright’s visit to Australia has coincided with more attention being paid to the protection of digital privacy. In their wake, the government of Albanese unveiled a slew of potential amendments to the Privacy Act that are intended to bring the law into the modern era of digital technology.
One of the essential suggestions is modelled after the “right to be forgotten” laws in Europe, but it is directed exclusively at online search results. It advocates for the right to de-index internet search results that contain personal information such as a medical history, information about a child, pervasive information, erroneous, out-of-date, incomplete, misleading, or irrelevant information.
“We feel very strongly that if you are creating a legal right to remove information from the internet, those requests should be directed to the publishers of that content rather than to search engines because, of course, even if it is suppressed from a search engine, that content still exists on the internet elsewhere,” he said. “If you are creating a legal right to remove information from the internet, those requests should be directed to the publishers of that content rather than to search engines.”
“Therefore, establishing that legal obligation for the organization hosting the content would be a more efficient way to answer the public policy objective.”
The assessment of the Privacy Act predicts that Google received around 58,000 requests from Australians to de-list approximately 250,000 search results between the years 2014 and 2022. These figures are based on data from Google’s European transparency report.
Some people in Australia have taken legal action against Google because the search engine returned results that contained erroneous or out-of-date information. One of the highest courts in the country ruled in favour of Google in a case that was brought against the company for linking to a defamatory article published on the Age newspaper website about a lawyer in Victoria.
According to Enright, the problem would “correct itself” if the website that had the information removed, as the website crawlers that Google uses perform routine inspections of the website. Individuals could also put in a request for a speedier evaluation.
However, the Office of the Australian Information Commissioner has suggested that targeting search engines for the right to de-indexing makes the most sense when it is difficult to remove the information at its source, such as when the site is based overseas, anonymous, or rejects takedown requests. This is because it is more likely that search engines will be able to remove the content from their indexes.
Enright has stated that the modifications that are being proposed are a step in the right direction. Still, he has also conceded that no law currently being developed could predict the changes that the development of artificial intelligence could bring to privacy law.
This week, Google decided to delay the debut of its artificial intelligence chatbot called Bard in Europe due to concerns raised by the Irish Data Protection Commission. These issues centred on the fact that not enough information had been supplied concerning the privacy policies of Bard.
Enright stated that Google was in continuous communication with the agency regarding its requirements and that the delay occurred as a result of further issues being raised concerning compliance.
After we had provided them with information regarding the preliminary schedule for introducing our product, they contacted us with further inquiries. They asked for elaboration. They requested that we bring our documents up to date,” he explained.
“We fully respect and appreciate the authority of the DPC to do that, which is exactly what the GDPR [General Data Protection Regulation] anticipates them doing,” “We fully respect and appreciate the authority of DPC to do that.” Therefore, we made the necessary adjustments to the launch date and are currently collaborating with the DPC to find answers to their questions.
According to Enright, authorities worldwide are increasingly engaging with one another about how to manage privacy. As a result, rules that arise in various regions of the world are being streamlined, even though some differences make it tough to navigate as a global organization.
“We are seeing still increasing levels of alignment and more data protection requirements, stronger data subject rights, and more restrictions on data processing; that is the clear direction of travel,” he added. “We are seeing still increasing levels of alignment and more data protection requirements.” “However, when you get into the details of each of those individual bills, as well as just the sheer volume of the number of laws that are being contemplated, there is a lot of complexity there, which is going to create a great deal of legal challenges,”
