Some time ago I complained to the Information Commissioner’s Office (ICO) about the innuendo carried in the message that Google serves with search results on most personal names: “Some results may have been removed under data protection law in Europe”. I had already complained to Google UK, and wrote about it here. Google UK denied any responsibility or liability, and referred me to their enormous, distant, parents at 1600 Amphitheatre Parkway. I think they were wrong to do so, in light of the judgment of the Court of Justice of the European Union in the Google Spain case C‑131/12, but I will probably pursue that separately.
However, section 42 of the Data Protection Act 1998 (DPA) allows me to ask the ICO to assess whether a data controller has likely or not complied with its obligations under the DPA. So that’s what I did (pointing out that a search on “Jon Baines” or “Jonathan Baines” threw up the offending message).
In her response the ICO case officer did not address the jurisdiction point which Google had produced, and nor did she actually make a section 42 assessment (in fairness, I had not specifically cited section 42). What she did say was this
As you know, the Court of Justice of the European Union judgement in May 2014 established that Google was a data controller in respect of the processing of personal data to produce search results. It is not in dispute that some of the search results do relate to you. However, it is also clear that some of them will relate to other individuals with the same name. For example, the first result returned on a search on ‘Jonathan Baines’ is ‘LinkedIn’, which says in the snippet that there are 25 professionals named Jonathan Baines, who use LinkedIn.
It is not beyond the realms of possibility that one or more of the other individuals who share your name have had results about them removed. We cannot comment on this. However, we understand that this message appears in an overwhelming majority of cases when searching on any person’s name. This is likely to be regardless of whether any links have actually been removed.
True, I guess. Which is why I’ve reverted with this clarification of my complaint:
If it assists, and to extend my argument and counter your implied question “which Jon Baines are we talking about?”, if you search < “Jon Baines” Information Rights and Wrongs > (where the search term is actually what lies between the < >) you will get a series of results which undoubtedly relate to me, and from which I can be identified. Google is processing my personal data here (that is unavoidable a conclusion, given the ruling by the Court of Justice of the European Union in “Google Spain” (Case C‑131/12)). The message “Some results may have been removed under data protection law in Europe” appears as a result of the processing of my personal data, because it does not appear on every search (for instance < prime minister porcine rumours > or < “has the ICO issued the cabinet office an enforcement notice yet” >). As a product of the processing of my personal data, I argue that the message relates to me, and constitutes my personal data. As it carries an unfair innuendo (unfair because it implies I might have asked for removal of search results) I would ask that you assess whether Google have or have not likely complied with their obligation under section 4(4) to comply with the first and fourth data protection principles. (Should you doubt the innuendo point, please look at the list of results on a Twitter search for “Some results may have been removed”).
Let’s hope this allows the ICO to make the assessment, without my having to consider whether I need to litigate against one of the biggest companies in world history.
The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.
8 responses to “Complaint about Google’s Innuendo, redux”
I’d hate to be a Google employee tasked with getting it right.
You are right. The euro Decision is unworkable, simply because Google has no way of dffentiating between people of the same name.
The only circumstance it could work is a person had written to them stating I want ‘this’ and ‘that’ removed.
Even then, Google would have to run checks as to the veracity of the request.
How can a Googie employee do that?
Demand a birth certificate?
…..Just off to write to Google as David Cameron , demanding all references to me are removed.
Hi JT Unfortunately the ICO are not compliant to the Register of Interest Publication Tut Tut
What are they hiding by publishing BLANK FORMS
Take a look at the this ICO website and you will see the Register of Interest Docs from Denham.Entwistle and Woods are all Blanks
That’s clearly because they have no registerable interests.
I’m not publishing your follow up reply because it’s abusive towards a third party.
I expect that from you anyway.
Please take a look at this Vexatious BS from the Devon County Council from 5 years back and before the Dransfield Vex BS
Information Request 01753
Please find Devon County Council’s response below i
Please provide me with a copy of your ISO9000 QA-QC
audit and your ISO
14000 Environmental Audit reports for the last 5 ye
Devon County Council’s response
We consider that this request forms part of pattern
of requests which
are all linked to health and safety matters relatin
g to built structures.
Therefore the Council is refusing this request unde
r Regulation 12(4)(b)
of the Environmental Information Regulations as we
consider that the
request is manifestly unreasonable.
The reasons that the Council considers requests rel
ating to health and
safety matters to be either vexatious or manifestly
already been explained to you, most recently in our
letter to you of 1st August 2012
At this juncture the ICO don’t sign their Decision Notice’s or Register of Interests. Its like dealing with the Secreet Service. What are they hiding?
Quite clearly, nothing.
You are worse that Turner. How can it be right for the ICO NOT to sign their decision notices or the Register of Interests