These are adding layers of operational complexity for organisations that are subject to them, and puzzlement for agencies entrusted with policing the rules. Predictably enough, the confusion over the laws has been met with derision from sections of the media.
Firstly, there was the EU ruling on the right to be forgotten where Google was forced to comply by removing a search result relating to an outdated bankruptcy.
This opened quite the can of worms, as the company was inundated with removal requests. Most notably, BBC economics editor Robert Peston complained that a 2007 story he’d written had been ‘cast into oblivion’ when it was apparently removed from search results following a request. Links to that story and others noted by the Guardian were subsequently reinstated, with Google citing teething troubles to account for the confusion.
At the heart of the issue, as Danny Sullivan succinctly points out in Search Engine Land, is the notion that Google is under no obligation to comply with requests because it could be reasonably argued that it isn’t in a position to make a judgement to balance the right to be forgotten with the right of free speech. Individual requests could (and should) be passed to arbiters in the locality of a dispute who would be better qualified to decide what action should be taken based on the EU’s ruling – after which Google might more legitimately remove search results.
Should this hypothesis come to bear, there are further issues to muddy the waters. The ruling applies to EU countries, so removed articles may still be ranked and viewable in non-European regions. Also, it is likely that a result is only ‘removed’ for a selected number of keywords such as someone’s name, rather than Google removing entire pages from its index. Given that Google ‘removed’ and ‘restored’ Peston’s story pretty quickly, it’s evident that the URL Google had indexed hadn’t been permanently expunged.
Canada also dipped its toe into online consumer protection with the rollout of its anti-spam law at the start of July. It is particularly newsworthy as firms can face fines of up to $10 million should they fall foul of the new law. Controversially, it states that an email could be considered spam if the recipient hadn’t consented to its delivery. Such complexity means that the body responsible for its enforcement – the Canadian Radio-television and Telecommunications Commission – had to clarify its position, stating that it has a ‘range of enforcement tools available to it, from warnings to penalties‘. Certainly, this is a clear example of the headache caused by enforcing legislation on the web, which by its nature, is unfenced and global.
Singapore’s new Personal Data Protection Act also came into force at the start of July. Notably, its intent and wording – ‘Organisations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances’ – is clearer than others that have been enacted recently. However, the ramifications could be significant for Singapore and businesses looking to operate there due to its importance as a gateway to business in Asia.
Ultimately, firms must be alert to the potential risks posed by the increasingly complex regulation relating to data protection and the web, ensure they have practical policies in place, and that these policies are communicated clearly throughout their organisation to ensure compliance.