Google will allow users to request the removal of their search results from websites that have published their contact information without their consent, such as their phone number, physical address or email. The company thus expands its policies to hide pages for this type of invasion of privacy, which until now only covered the publication of images of identity documents (such as ID or driving license) or financial data.
The EU agrees on a law to regulate digital content: “What is illegal ‘offline’ will be illegal ‘online'”
“The availability of personal contact information online can be frightening, and it can be used in a harmful way, including for direct unwanted contact or to cause physical harm,” says Michelle Chang, head of Google search policy, revealing that the company has been receiving requests from users to deindex this type of data for some time and has decided to enable the possibility of doing so.
This is the list of information that can be removed from Google results, which includes information “that may pose a significant risk of identity theft, financial fraud, harmful direct contact or other specific damage”:
- Sensitive National Identification Numbers, such as Spain DNI, United States Social Security Number, Argentina Unique Tax Identification Number, Brazil Natural Persons Registry, Korea Resident Registration Number, Credit Card China resident identity card, etc.
- Bank account numbers
- credit card numbers
- handwritten signature images
- images of identity documents
- Very personal, restricted, and official documents, such as medical records
- Personal contact information (physical addresses, phone numbers, and email addresses)
- Sensitive login credentials
The request can be made from this form. That yes, the multinational will not attend all the requests by system. “When we receive removal requests, we will review all content on the website to ensure that we are not limiting the availability of other information that is widely useful, for example in news articles,” says Chang.
“We will also assess whether the content appears as part of a public record on government websites or from official sources. In those cases, we will not do deletions,” he continues. This type of analysis is very similar to what the law requires the company to carry out with requests for the right to be forgotten, a process criticized by some jurists for the fact that it is a private company and not a judge who evaluates the public interest. of a certain web page.
Deindexing is not deleting
In any case, Google reminds that removing a website from its search results does not imply that the web page is removed or completely deleted, as is also the case with the right to be forgotten. This can greatly reduce its visibility, but it does not prevent it from being accessible in other ways, such as if the link is shared on social networks.
Furthermore, even if the company decides to honor the user’s request, this will not imply that it completely removes the reported websites from its results. One of the measures you can take is to de-index them only when the name of the affected person is searched.
Google hopes that the policy change will also help combat “the doxxing, that is, the practice of maliciously sharing someone’s contact information”. This is an action that is being used more and more often as a cyber attack and can have various objectives, such as extorting a person to comply with the attacker’s demands.
Doxxing is also a common attack among cybercriminals. Recently, an attack of this type exposed on the Internet all the contact information of the alleged leader of one of the most active cybercriminal gangs today, a teenager living in the United Kingdom. He was arrested hours later.