Insights about the first three years of the Right To Be Forgotten requests at Google

The “Right To Be Forgotten” (RTBF) is the landmark European ruling that governs the delisting of personal information from search results. This ruling establishes a right to privacy,
whereby individuals can request that search engines delist URLs from across the Internet that contain “inaccurate, inadequate, irrelevant or excessive” information surfaced by queries containing the name of the requester. What makes this ruling unique and challenging is that it requires search engines to decide whether an individual’s right to privacy outweighs the public’s right to access lawful information when delisting URLs.

Number of requests seen by Google

Since this ruling came into effect a little over three years ago (May 2014), Google has received ~2.4 millions URLs delisting requests. 43% of these URLs ended-up being delisted. Each delisting decision requires careful consideration in order to strike the right balance between respecting user privacy and ensuring open access to information via Google Search.

To be as transparent as possible about this removal process and to help the public understand how the RTBF requests impact Search results, Google has documented this removal process as part of its
Transparency report
since 2014.

This initial RTBF transparency report was a great first step toward detailing how the RTBF is used in practice. However inside Google we felt we could do better and that we needed to find a way to make more information available. A key challenge was ensuring that we were able to respect users’ privacy and avoid surfacing any details that could lead to de-anonymization or attract attention to specific URLs that were delisted.

So in January 2016, our RTBF reviewers started manually annotating each requested URL with additional category data, including category of site, type of content on page, and requesting entity. By December 2017, with two full years of carefully categorised additional data, it was clear that we now had the means to deliver an improved transparency dashboard — which we made publicly available earlier this week. Together with the data that we have previously published about the Right To Be Forgotten, the new data allowed us to conduct an extensive analysis of how Europe’s right to be forgotten is being used, and how Google is implementing the European Court’s decision. The result of this analysis was published in a
that we release alongside with the improved transparency dashboard. This blog post summarizes our
paper’s key findings

Who uses the right to be forgotten?

Who is making requests

89% of requesters were private individuals, the default label when no other special category applied. That being said, in the last two years, non-government public figures such as celebrities requested to delist 41,213 URLs; politicians and government officials requested to delist another 33,937 URLs.

89% of right to be forgotten requests originate from private individuals, but public figures use the RTBF too. In the last two years gov. official requested to delist ~33k URLs; celebrities requested to delist ~41k URLs.

The top 1,000 requesters, 0.25% of individuals filing RTBF requests, were responsible for 15% of the requests. Many of these frequent requesters are in fact not individuals themselves, but law firms and reputation management services representing individuals.

A minority of requesters (0.25%) are responsible for a large fraction of the Right To Be Forgotten requests (~15%).

What is the RTBF used for?

RTBF breakdown by site types

Breaking down removal request by site type revealed that 31% of the requested URLs related to social media and directory services that contained personal information, while 21% of the URLs related to news outlets and government websites that in a majority of cases covered the requester’s legal history. The remaining 48% of requested URLs cover a broad diversity of content on the Internet.

The two dominant intents behind the Right To Be Forgotten delisting requests are removing personal information and removing legal history.

What type of information is targeted?

RTBF requests by type of information

The most commonly targeted content related to professional information, which rarely met the criteria for delisting: only 16.7% of the requested URLs end-up being delisted. Many of these requests pertained to information that was directly relevant or connected to the requester’s current profession and was therefore in the public interest to be indexed by Google Search.

Different countries, different usages

RTBF requests type by country

The way the RTBF is exercised through Europe varies by country. Variations in regional attitudes toward privacy, local laws, and media norms strongly influence the type of URLs requested for delisting. Notably the citizens of France and Germany frequently requested
delisting of social media and directory pages, while requesters from Italy and the United Kingdom were three times more likely to target news sites.

The Right To Be Forgotten use is country specific. French citizens frequently request social media delisting whereas UK requesters are 3x more likely to target news site.

RTBF requests mostly target local content

Over 77% of the requests are for URLs that are hosted on domains that have the top-level domain associated with the country of the requester. For example lives under the TLD .de which is the German top-level domain. At least 86% of the requests targeting the top 25 news outlets were from requesters from the same country.

Right To Be Forgotten delisting requests are mostly used to remove local content.

Thank you for reading this post till the end! If you enjoyed it, don’t forget to share it on your favorite social network so that your friends and colleagues can enjoy it too and llearn how the Right To Be Forgotten is used through Europe.

To get notified when my next post is online, follow me on
, or
. You can also get the full posts directly in your inbox by subscribing to the mailing list or via

A bientôt!

*** This is a Security Bloggers Network syndicated blog from Elie on Internet Security and Performance authored by Elie Bursztein. Read the original post at: