Nearly 220,000 individual requests have been made to Google to selectively remove links to online information. Less than 5% of those requests concern criminals, politicians, and high-profile individuals, according the Guardian. More than 95% of the requests have come from everyday people.
The Guardian has discovered new data hidden in source code on Google’s own transparency report that indicates the scale and flavour of the types of requests being dealt with by Google – information it has always refused to make public. The data covers more than three-quarters of all requests to date.
Previously, more emphasis has been placed on selective information concerning the more sensational examples of so-called right to be forgotten requests released by Google and reported by some of the media, which have largely ignored the majority of requests made by citizens concerned with protecting their personal privacy.
These include a woman whose name appeared in prominent news articles after her husband died, another seeking removal of her address, and an individual who contracted HIV a decade ago.
The data, which has not been revealed publicly until now, was found during an analysis of archived versions of Google’s transparency report and details the numeric breakdown of each request and associated link by country and issue type. The underlying source code has since been updated to remove these details.
This data covers the majority of requests received by Google, which have now exceeded 280,000 since the company first started to process requests in May 2014 as a result of a ruling by the European Court of Justice.
Of 218,320 requests to remove links between 29 May 2014 and 23 March 2015, 101,461 (46%) have been successfully delisted on individual name searches. Of these, 99,569 involve “private or personal information”.
Only 1,892 requests – less than 1% of the overall total – were successful for the four remaining issue types identified within Google’s source code: “serious crime” (728 requests), “public figure” (454), “political” (534) or “child protection” (176) – presumably because they concern victims, incidental witnesses, spent convictions, or the private lives of public persons.
Breakdowns for each country reveal that within the primary category of “private or personal information”, just shy of half the requests are delisted, more than a third are refused, and the remaining are pending.
By contrast, for each of the other categories, around one in five have actually been delisted. The numbers fall evenly between crime, public figures, political and child protection. Around two-thirds of these requests are refused.
In many countries, including France, Germany, the Netherlands, Austria, Portugal and Cyprus, 98% of requests concern private information. In only three countries did proportions of private information fall below 90%: Italy (85%), Romania (87%) and Hungary (88%). In the remaining most-populous countries, the UK and Spain, the proportion is 95%. In Italy, the second largest issue type is “serious crime” (1,951 requests, comprising 12% of the country’s total).
It is not clear whether requests have been made by those who are the main subject of web links or by a third party. A link categorised as serious crime, for example, may involve a request from a victim or witness rather than the perpetrator.
Between countries, there is variation in the rate of compliance. For example, more than half the private information requests through France and Germany have been successfully delisted, yet this comes closer to a third in the UK and Italy. These differences may be attributable to the requests themselves, the result of cultural and legal variation between countries, the impact of data protection authorities, or because Google doesn’t synchronise the decision criteria and processing between countries.
Google said in a statement: “We’ve always aimed to be as transparent as possible about our right to be forgotten decisions. The data the Guardian found in our Transparency Report’s source code does of course come from Google, but it was part of a test to figure out how we could best categorise requests. We discontinued that test in March because the data was not reliable enough for publication. We are however currently working on ways to improve our transparency reporting.”
Stefan Kulk, a Dutch researcher specialising in the liabilities of search engine providers, said: “Google is taking decisions that are publicly relevant. As such, it is becoming almost like a court or government, but without the fundamental checks on its power.”
“Because we know so little about the cases, Google can push the discussion about the right to be forgotten in a particular direction – overdramatise, or play it down.”
He notes that the governing legal framework is in part responsible, because it allows data controllers such as Google to be in charge of the delisting process.
“To me, this stresses all the more the importance of Google being more open about the requests it receives and the processing it undertakes,” said Kulk. “The company doesn’t have to put all the info of every request online – that wouldn’t work, and is clearly against data protection law itself. But it clearly needs to provide more granular information.”
Dr Paul Bernal, lecturer in technology and media law at the UEA School of Law, argues that the data reveals that the right to be forgotten seems to be a legitimate piece of law. “If most of the requests are private and personal ones, then it’s a good law for the individuals concerned. It seems there is a need for this – and people go for it for genuine reasons.”