Google autocomplete and personal integrity

Wow, Germany courts have done it again! They are so good at protecting the personal privacy of their citizens! Read on, it connects to an individual’s ‘right to be forgotten’.

Google have been been over-ruled concerning how the ‘autocomplete’ function in the search dialog works. Basically this is generated by what other users have been searching for. The reason why this has become a case for personal integrity, and also a person’s reputation is because words associated with a particular person, either by rumor or otherwise, and thus searched by users impacts that person’s reputation.

The case in question was when the complainants’ names were typed into Google’s search bar, the autocomplete function added the ensuing words “Scientology” and “fraud”.The continuing association of their names with these terms infringed their rights to personality and reputation as protected by German law (Articles 823(1) and 1004 of the German Civil Code).

What does this mean for Google? Well once Google has been alerted to the fact that an autocomplete suggestion links someone to libellous words, it must remove that suggestion.

According to Panopticon blog this German ruling is extending the “frontiers of legal protection for personal integrity and how we allocate responsibility for harm. Google says that, in these contexts, it is a facilitator not a generator. It says it should not liable for what people write (scroll down to “Google and the ‘right to be forgotten’” here, in Spain a previous case), not for what they search for (the recent German case). Not for the first time, courts in Europe have allocated responsibility differently.”

Privacy commissioners vs. Google

Oh dear, Google is in trouble…. they have been -surprise, surprise- criticized by privacy commissioners around the world on their privacy, or lack of privacy practices 😉

Read more at The New York Times. btw. I need to thank Jack for his tweet on this 🙂

Unique note on a receipt from El Corte Inglés

Well hello to you all,

This is the first time I ever blog and I just wanted to share with you something that caught my attention a few days ago. As most of us have, I’ve been wandering around shopping centers during the Xmas holidays. In my case this year, I went to Spain to celebrate it with my family. The celebration brought of course lots of shopping along  -I just love shopping in Spain so much than in Sweden because of the limited selection of products they have over here-. But anyway I was caught when at Spain’s largest department store I get my shopping receipt and I read at the bottom:

” Para gestionar el cobro, todos los datos de la operación,  son transmitidos a un fichero informático gestionado por El Corte Inglés, S. A., con domicilio en Madrid, c/Hermosilla, 112, donde podrán ejecitarse los derechos de acceso y rectificación. “

Which I (not being an official translator) would translate into English like:

To transact this payment, all the operation data are transmitted to a computer file/database managed by the El Corte Inglés, S. A., residing in Madrid, c / Hermosilla, 112, where you may pursue rights of access and rectification.

I don’t know whether this (refers only to tickets) is a requirement by law however I wouldn’t think so as this particular store is the only one I found this little note. And I can promise you the pile of receipts I brought back home is not small. So there must be something unique in the El Corte Inglés way of doing.  They do have a customer data policy on their site but, as my curiosity has now been waken up, I do have a new item on my ‘to do’ list and find out whether this is a new rule or only an example for other companies to follow… .  So far I have not seen anything similar in Sweden but of course I’ve been a lot home because: 1) it’s too cold to go out and my car won’t start and 2) my account is just empty 🙁

Violation of the DPA in Spain with YouTube

Well this is an interesting one. I have found at least two cases now whereby it has been ruled as a violation of the Data Protection Act (which I understand is called the Organic Law on Data Protection, LOPD) by uploading videos without the consent of the subjects of the material. Fines for grave violations run from 60,000 to 300,000 Euros.

The first case I am referring to was in the summer of 2008 whereby residents in Spain were fined for putting prostitute clients on YouTube.

Then there is the recent case that I can’t yet find anything in English or Spanish. The short of it is that the Spanish Data Protection Agency (AEPD) on Wednesday this week took enforcement action against those responsible for uploading a video clip on the Spanish site, and declared that publishing the image of a person on YouTube without that person’s consent is a grave violation of LOPD. The decision by the AEPD followed widespread media reporting on the case of Italian youths posting to YouTube a video disparaging a teenager with a disability, but this case involved a smaller, 1,500 Euros fine. Article 6 of the Spanish LOPD requires, with some exceptions, a data subject’s unambiguous consent for the processing of his or her personal data, unless laid down otherwise by law.

If any of my Spanish visitors have some reference to this article in English or Spanish, would love if you could share this with us? My searches in English are coming up with nothing useful.