GUIDE TO REMOVAL OF PERSONAL INFORMATION FROM GOOGLE SEARCH RESULTS

For many years, Google had a mechanism which allowed people to request the removal of certain sensitive, personally identifiable information from the search for example, in cases of doxxing or information like bank account or credit card numbers that could be used for financial fraud.

Recently, Google updated its policy to allow an individual to request the removal of personally identifiable information and sensitive data from Google’s search results. Acknowledging the open access to information as a “key goal of search”, the company emphasized the empowerment of an individual to access control over their sensitive and personally identifiable information. Further, it stated that with the evolution of the internet, such information about an individual has popped up in unexpected places, and is being used in new ways.

REQUIREMENTS TO MAKE A REQUEST

The individual making a removal request is mandated to submit all the web and image URLs that he/she wants Google to review. Also, for Google to consider the request, it must include the contact info of the person requesting and the presence of “explicit or implicit threats” or “explicit or implicit calls to action for others to harm or harass.”

Following the submission of a request, Google will send an automated email confirmation. In case the submitted request does not have enough information apt for evaluation, Google may also ask for additional information.  Further, if the request falls within the scope of Google’s updated policy, it will proceed with the action, otherwise, it will deny the request with a brief explanation.

Interestingly, despite the removal as noted by Google, the information will still be available on the internet and can be accessed using other search engines or social media.

CATEGORIES OF INFORMATION FOR THE REMOVAL REQUEST

For removal request to Google, the information needs to be pertinent to the following categories:[v]

• Confidential government identification (ID) numbers like U.S. Social Security Number, Argentine Single Tax Identification Number, Brazil Cadastro de Pessoas Físicas, Korea Resident Registration Number, China Resident Identity Card, etc.

• Bank account and credit card numbers

• Pictures of your handwritten signature

• Pictures of identifying documents

• Medical records and other classified information

• Personal contact information (phone numbers, home address, email addresses)

• Login credentials

• Pictures of anyone under 18 years old, even if they’re not explicit

HOW TO SUBMIT A REMOVAL REQUEST TO GOOGLE

If the information falls into one of the above mentioned categories, a removal request can be submitted using the following processes:[vi]

• Navigate to the removal request page on the Google Search Help site https://support.google.com/websearch/answer/9673730.

•  Select the option that reads: “Remove information you see in Google Search”

• Provide whether the information you want it to remove is only in Google’s search results or also appearing on a website.

• If the information is also on a website, Google will ask you if you have contacted the site’s owner. Unless you already have, select: “No, I prefer not to.”

• Select the type of content that you want Google to remove.

• You will now have to fill out a form to complete the removal request. Google asks for the above mentioned request requirements along with at least one screenshot. Finally, list the search terms that surface the content, provide additional context if necessary, and hit “Submit.” You’ll get an email confirmation as soon as Google receives it.

ANALYSIS:

“Personally identifiable information” (PII) often referred to as Personal Data is a central concept in privacy regulation around the world.  This term defines the scope and boundaries of many privacy statutes and regulations. Also, PII is the backbone of any privacy regulatory regime because it “serves as a jurisdictional trigger.”

The considerable divergence of the PII definitions over the different jurisdictions poses significant difficulty in the harmonization of PII.  Especially, considering the development of the regime in India, where Personal and Non-personal data are kept in the same bracket.[viii] This brings to the fore a considerable challenge before Google on the categorisation of information i.e., which information can be considered for removal.