Last week quite a number of headlines were generated by a court ruling concerning the responsibility of a search engine provider to filter search hits that conflict with an individual’s privacy requirements.
Although the details of implementation and enforcement will take some time to sort themselves out, on the face of it, this judgement appears to create some serious risks to privacy rather than mitigating privacy risk.
Here’s my logic:
1- Jacques specifies to Google and other search providers that there is a list of URLs that lead to content that violates a court-supported privacy assertion.
2- Google (and others) must then filter those URLs out of any search results that are presented when someone searches for ‘Jacques.’
3- Google then asks ‘which Jacques are you?’
4- Jacques, in order to maintain his privacy, must then prove his/her identity to Google with sufficient specificity that Google can act with due care and diligence in filtering search results.
5- Jacques hands over a lot of personal details to the search engine providers to support their identity validation process.
Admittedly, this is a crude and premature analysis, but anonymity is part of the infrastructure of the internet.
If we want to filter content based on identity, we will need to have a way of validating the identity of the data subject and verify that defined URLs contain content that is actually about that particular data subject and not some other Jacques.
In other words, in order to exert strong control over the distribution of content that is already on the internet, we will need strong identity validation, which relies on, yep, you guessedit , more extensive sharing of PII.
In this case the cure may be more destructive than the disease…
By Andrew Walls - Analyst, Gartner