Google has received 2.4 million requests over the past three years to delete search-engine results under Europe's "right to be forgotten" rules, highlighting the challenge it is likely to face under even tougher new data-protection regulations.
European Union citizens currently have the right to ask search engines to remove results that include their names following a landmark decision from the European Court of Justice in 2014. Russia and Turkey have since followed suit with laws that allow citizens to delist links.
Google this week revealed for the first time a breakdown of the groups that have requested data to be deleted. The figures showed private citizens had submitted almost 90 per cent of all requests since January 2016, when the company first started to label results by demographic. French, German and British citizens submitted more than half of all requests.
Businesses, government officials and public figures submitted fewer than 7 per cent of the requests.
Alongside the update, Google also published a research paper highlighting the difficulty of determining which search results are inaccurate, inadequate, irrelevant or excessive. It pointed out that two of the most popular targets of right-to-be-forgotten requests were Companies House, a British website for financial disclosures, and the Boletin Oficial del Estado, where the Spanish government posts official notices.
“We identified two dominant categories of right-to-be-forgotten requests: delisting personal information found on social media and directory sites; and delisting legal history and professional information reported by news outlets and government pages,” the paper said.
“Our results showed the intent behind these requests was nuanced and stemmed in part from variations in regional privacy concerns, local media norms and government practices,” it added.
Google has complied with 43 per cent of all requests to delete search results.
The figures shine a light on attitudes towards data privacy in Europe, which is on the verge of introducing the toughest data-protection rules to date.
Under the general data protection regulation (GDPR) that comes into effect in May, citizens will have even more rights to request that information be deleted. The rules, which are expected to provide the biggest challenge yet to the runaway growth of personal data collection, will allow users to ask for information to be deleted as long as there is no “compelling” reason for it to be retained.
Companies have been scrambling to develop ways to comply with GDPR. Fines under the new rules can reach up to €20 million or up to 4 per cent of their previous year’s global turnover, whichever is higher. – Copyright The Financial Times Limited 2018