Google Forced to Remove Personal Information

Google was recently forced to de-index information about an Icelander following a ruling by the Icelandic Data Protection Authority.

See also: Police Deactivate Facebook Page over Data Safety Concerns

The decision concerned a man in a management position. When he first approached Google with his request, it was claimed that the nature of his position made information about him in the public interest.

Appealing the case to the Icelandic Data Protection Authority, the agency ruled that the so-called “right to be forgotten” was applicable to the case.

An excerpt from the decision reads as follows: “In certain cases, people may have the right to have information displayed about them in search engines, eg on Google, removed. Although the results are removed from search engines, the content will still be on the Internet, but in some cases it is also possible to get it removed. In this case, it was considered that the complainant’s privacy interests and his right to be forgotten outweighed the public’s interest in having access to the said information about him. It was therefore proposed to Google LLC to remove certain websites from the search results for the complainant’s name in the Google search engine.”

Given the private nature of the information, further information about the complainant was withheld from the report.

A redacted version of the decision can be read, in Icelandic, here.

Iceland Examines Use of Google Chromebooks in Schools

keyboard computer typing

Iceland’s Data Protection Authority is examining the use of Google Chromebooks in Icelandic schools, mbl.is reports. The devices, similar to laptops, were recently banned in Danish schools due to data transfer risks. Vigdís Eva Líndal, the Data Protection Authority’s director, says children should be able to learn using digital devices without giving personal information away to US tech giants.

Iceland’s investigation into the devices is part of a pan-European assessment of cloud solutions in public institutions. The Icelandic audit is being carried out in five municipalities, and the results are expected this fall. Iceland’s Data Protection Authority banned use of the Seesaw educational system in Iceland last winter due to data transfer concerns.

“Legislation on privacy is very limited in the United States,” Vigdís told RÚV reporters. “There is no federal legislation that addresses these issues.” Vigdís adds that the broad access that monitoring institutions have to data in the US does not conform to the values regarding personal privacy on which European laws are based.

How much data should children have to give?

Magnús Þór Jónsson, chairman of the Icelandic Teachers’ Association, has stated that digital solutions like Chromebooks and Google Workplace (which was also banned in Danish schools) are a big part of the educational system in Iceland, and that it is important to ensure that children learn about the digital world in school.

Vigdís agrees: “But the question is, how much personal information do children need to provide in order to learn? Can’t we work in such a way that they have the freedom to learn to use technology without giving their information to US corporations?”

“That is the fundamental question in this,” says Vigdís. “Can we find a way to ensure children’s privacy while still teaching them to use technology?”

Icelandic Police Department Deactivates Facebook Page Over Data Safety Concerns

police car

The Suðurnes Police Department in Southwest Iceland deactivated its Facebook page yesterday, citing comments from Iceland’s Data Protection Authority about data security on the social media platform, RÚV reports. The Reykjavík Capital Area Police Department says it will keep its Facebook page running and that it ensures data security through other means. Facebook’s collection and storage of data does not conform to Icelandic law, according to the DPA.

In March 2021, the Data Protection Authority came to the conclusion that the Capital Area Police’s reception of information via Facebook did not meet legal requirements on the processing of personal data for the purpose of law enforcement. DPA Director Helga Þórisdóttir stated the institution’s comments were particularly aimed at instances when police requested information from the public via Facebook’s messaging function. Facebook’s terms of use clearly state that data sent through the platform is collected. Icelandic law bans the storage of such information outside the European Economic Area, Helga points out.

The Suðurnes Police Department deactivated its Facebook page yesterday, ten months after the Data Protection Authority’s conclusion. It is the only department to act on the comments thus far. Halla Bergþóra Björnsdóttir, Chief Superintendent of Capital Area Police, says the department does not plan on deactivating its Facebook page. “We consider it an important tool in communication with citizens. We took the Data Protection Authority’s decision seriously at the time and changed our work processes,” Halla stated, adding that the police use Facebook cautiously, including by requesting information through secure means, such as by phone.

Thousands of Icelanders Take deCODE’s Personality Test

deCODE

Over 60,000 Icelanders have participated in an online personality test distributed by deCODE Genetics, a biopharmaceutical company based in Reykjavík. Many participants chose to share their test results on social media, which has subsequently raised data-privacy concerns.

Thousands of Participants

On February 13, two days after the biopharmaceutical company deCODE made its personality test available online, RÚV reported that nearly 50,000 Icelanders had taken the test.

The test, which was approved by the Ethical Review Committee, aims to examine the effect of genetic variation on personality traits and how such personality traits relate to physical health. In consenting to the terms of the test, participants authorise deCODE to request medical information from other health institutions (those who have not provided deCODE with a biological specimen in the past, the terms state, will be invited to do so).

In an interview with RÚV last weekend, Kári shed light on the research project by explaining that the concept of Personality wasn’t clearly defined, but that it was considered an interplay of thought, behaviour, and temperament. “Upon taking a personality test, participants fall within specific groups, which relate differently to certain illnesses … we’re trying to understand how genetic variation relates to a group of individuals who share certain personality traits.”

Upon completing the test, participants can compare their results to the results of other participants, with regard to openness, emotional stability, extroversion, agreeableness, and conscientiousness. Many chose to share their results on social media.

Privacy Concerns

Although Kári maintains that the information gathered from the test will remain anonymous and will not be sold to third parties – as such a thing would be illegal – many have nonetheless expressed privacy-related concerns, referencing a similar test employed by Cambridge Analytica in the run-up the 2016 US presidential election and Brexit referendum.

According to deCODE’s website, participants’ answers will be deleted from the server in two weeks’ time, but after that time, results will still be available online. “Complete confidentiality is guaranteed, and researchers are bound to secrecy regarding the information provided.”

In an interview on Monday, Helga Þórisdóttir, CEO of the Data Protection Authority, encouraged a level of scepticism regarding the provision of valuable personal information to deCODE. Referring to the fact that many participants had shared their results on Facebook, Helga stated: “Participants must be cautious; they shouldn’t be sharing this information on Facebook” (Helga also questioned deCODE’s choice of presenting a scientific survey as a personality test).

Responding to such criticism on Monday, Kári Stefánsson stated that individuals participating in similar deCODE tests in the future would not be able to share their results social media.

Klaustur Scandal Whistle-blower Must Delete Recordings

Bára Halldórsdóttir

Bára Halldórsdóttir broke data protection laws when she recorded the conversation of six MPs at Klaustur Bar last November, according to the Data Protection Authority. RÚV reports that the authority ruled on the matter yesterday. Bára will not be fined, but must delete the recordings and submit a statement confirming she has done so.

Read More: The Klaustur Scandal

The nation reacted in shock when a recording of six MPs of the Centre and People’s Parties revealed them making sexist, ableist, and homophobic remarks about their colleagues at Klaustur Bar in Reykjavík in late November. The MPs say that Bára Halldórsdóttir, who made the recording, violated their right to privacy.

Last December, the four Centre Party MPs on the recording, Sigmundur Davíð Gunnlaugsson, Gunnar Bragi Sveinsson, Bergþór Ólason, and Anna Kolbrún Árnadóttir requested that the Data Protection Authority investigate the case. The have stated their belief that Bára’s recording was premeditated and not a spur of the moment decision, as Bára has asserted. Bára’s lawyer sent a statement to the Data Protection Authority in response to the MPs’ request, writing that the case was outside of the Authority’s jurisdiction and should be handled in court.

Recording considered “electronic surveillance”

The Data Protection Authority has ruled that Bára’s recording falls under electronic surveillance and conflicts with EU legislation on the processing of personal data. The ruling states, among other things, that Bára considered the comments of the parliamentarians to be of importance to the public in light of their position, the conversation has given rise to much debate in society about the conduct of elected representatives, and there is no evidence of collusion in the case. In light of these facts, Bára will not be fined for her actions.

Bára wants protection for informants

Auður Tinna Aðabjarnardóttir, Bára’s lawyer, told RÚV the Data Protection Authority’s ruling does not come as a surprise as is based on a thorough review of relevant past cases. “My client is fairly satisfied and is very willing to delete the recording,” Auður stated. Bára does, however, want increased legal protection for informants, and feels she has had little in her case.

The MPs involved declined to comment on the ruling yesterday evening.

Data Protection Authority Denies Klaustur MPs Request

Klaustur Bar

The Board of the Data Protection Authority has denied the request of four Centre Party MPs for further data collection connected to the so-called Klaustur Scandal, RÚV reports. The MPs’ lawyer had requested, among other things, information on payments made to Bára Halldórsdóttir’s bank account. The four MPs were among a group of six whom Bára recorded making sexist, ableist, and homophobic remarks about their colleagues at Klaustur Bar in Reykjavík in late November.

In Focus: The Klaustur Scandal

The ruling states that the Data Protection Authority does not consider itself authorised to gather information from financial institutions and communications companies for cases which do not concern the companies themselves. The Authority considers there to be enough information available to make a final ruling in the case.

The Authority’s ruling also states that the MPs’ lawyer believes Bára’s recording was premeditated and executed with one or more accomplices. Bára’s lawyers have denied such claims and requested the Data Protection Authority drop the case, as it pertains to freedom of speech and privacy and should be ruled on in court.

Parking Spot Security Camera Deemed Not to Violate Privacy

The Icelandic Data Protection Authority has ruled that a resident did not violate the privacy of other people by setting up a security camera in their apartment window to monitor their private parking spot, RÚV reports. The security camera sent real-time images to the resident’s phone, but did not take pictures or videos and is not being disseminated. Therefore, says the Protection Authority, no privacy violation has taken place.

A complaint about the resident’s security camera was made by one of his neighbors, who complained about photos being taken of her and her partner. The resident contended that the reason he had the camera was because his neighbor’s partner owned a large Jeep with 44 in. tires and would park it such that he was basically unable to use his own parking spot. The resident also asserted that the partner tended to leave his Jeep running, which was both loud and created a great deal of pollution. The resident said they’d complained to the police about this behavior on numerous occasions, but nothing had come of it.

The complainants claimed that the resident had taken numerous phone pictures of them, followed them around the parking lot, and recorded the couple from the laundry room window. They also said that the security camera’s field of vision would necessarily extend beyond just the private parking spot of the resident.

In making their judgement, the Protection Authority did not find it necessary to gain access to the recording resident’s home. It said that there was no evidence that the neighbor and her partner’s personal information had been used for anything other than “personal use” and said that the security camera was not being used for electronic monitoring.

The compliant was, therefore, dismissed, but the complainants were advised that they could submit another complaint in the future if they had any further information related to a possible privacy violation.

In Focus: The Klaustur Scandal

Klaustur Bar

The nation reacted in shock when a recording of six MPs revealed them making sexist, ableist, and homophobic remarks about their colleagues at Klaustur Bar in Reykjavík in late November. The case, which has since become known as the Klaustur Scandal, made headlines internationally and led to public protests in Iceland. The individual responsible for […]

This content is only visible under subscription. Subscribe here or log in.

Continue reading

Klaustur MPs Shun Committee Meeting

Gunnar Bragi and Sigmundur Davíð

Centre Party MPs Sigmundur Davíð Gunnlaugsson and Gunnar Bragi Sveinsson have failed to respond to repeated requests to meet with the Constitutional and Supervisory Committee, RÚV reports. The committee, which was scheduled to meet with the MPs today to discuss the content of the Klaustur recordings, has thus postponed the event.

Sigmundur Davíð and Gunnar Bragi were among a group of six members of parliament caught on tape making sexist, homophobic, and ableist comments about colleagues at a Reykjavík bar. The contents of the recording have caught the attention of local and international media and led to public protest.

Political favours

The committee called the meeting to discuss specific statements made by Gunnar Bragi in the recording, specifically regarding the appointment of Geir Haarde as ambassador. In the recording, Gunnar Bragi spoke at length about the how he’d appointed former Prime Minister Geir Haarde to an ambassadorial position as a political favour that he expected to be rewarded for by current Finance Minister Bjarni Benediktsson. Sigmundur Davíð is heard on the tape confirming the statement. Pirate Party MP Þórhildur Sunna Ævarsdóttir has stated that considering the statements, Geir Haarde’s appointment would represent corruption in public service and entail a breach of ethics.

Bjarni Benediktsson and current Foreign Affairs Minister Guðlaugur Þór Þórðarson had also been requested to attend the meeting. Bjarni had confirmed his attendance, while Guðlaugur Þór is currently abroad and would have missed the meeting.

Hindering committees’ work

Helga Vala Helgadóttir, the committee’s chairperson, says it is a serious issue if elected officials can get away with ignoring requests from standing committees of parliament. “It’s one thing to struggle with doing your own job, but another when you’re getting in the way of the work of entire committees,” she stated.

Legal action

The four MPs have hired a lawyer to represent them in the case. The lawyer has contacted the Icelandic Data Protection Authority on their behalf. The Authority has received four messages from the public asking whether they will investigate the issue. Data Protection Commissioner Helga Þórisdóttir has stated that it remains unclear whether or not the Authority will formally investigate the issue, but it will be discussed at a board meeting at the end of next week. “It’s natural that some kind of stance will be taken on the issue by the Data Protection Authority,” Helga added, saying the recordings could be investigated in relation to privacy laws.