General Data Protection Regulation (GDPR) , Governance & Risk Management , Privacy

Google Wins 'Right to Be Forgotten' Case

EU's Highest Court Says Requirement Only Applies in Europe
Google Wins 'Right to Be Forgotten' Case

Europe’s top court has ruled that Google does not have to remove links to sensitive personal data globally when it receives a request from a European resident under the EU’s “right to be forgotten” requirements.

See Also: Modernize with Monitoring: Keys to Third-Party Risk Management Success

The Luxembourg-based European Court of Justice said the “right to be forgotten” provision should only apply within the European Union. Back in 2014, the court acknowledged the right when it said Google must delete “inadequate, irrelevant or no longer relevant” data from its results when a member of the public requests it.

The Google case started a year ago after the top data protection regulator in France ordered that all links that contain false information about a person or that could harm their reputation should be removed on all Google platforms across the world.

The search giant challenged the regulator, citing censorship issues, and asserted that its users have the right to information.

But the court determined that there is no requirement that companies comply with the “right to be forgotten” clause outside of Europe.

Google commented on the ruling in a statement: “Since 2014, we've worked hard to implement the right to be forgotten in Europe, and to strike a sensible balance between people’s rights of access to information and privacy. It’s good to see that the court agreed with our arguments.”

Europe’s General Data Protection Regulation, which went into full effect last year, has a separate “right to be forgotten” provision with much broader requirements. The implications of the court’s ruling for worldwide enforcement of that provision remain to be seen.

Strong Reactions

The decision has drawn diverse reactions on Twitter.

For example, Umberto Gambini, head of office/senior adviser at the European Parliament, said applying the right to be forgotten globally would be a "stretch."

But another user said the right to be forgotten is incomplete if the rule is not applied worldwide.

Konstantinos Komaitis, senior director, policy development and strategy, at the Internet Society, says that if the provision was enforced globally, it would have had far-reaching consequences on the way the internet operates and how users globally experience the Internet.

“Decisions such as the Google privacy case that apply extraterritorial jurisdiction can result in negative and unintended consequences,” he says. “Some states are trying to grab back power over the internet, seeing it as a threat to their authority.”

According to its latest transparency report, Google has received almost 850,000 requests for data delistings.

What the Court Says

While ruling that Google does not have to extend the right to be forgotten for European citizens outside of Europe, the court acknowledged that in today’s globalized world, information can harm a person’s reputation. But it said different countries have different approaches to the right to be forgotten, and hence a universal law cannot be applied.

“A global de-referencing would meet the objective of protection referred to in EU law in full. … Numerous third states do not recognize the right to de-referencing or have a different approach to that right,” the court said.

The court also pointed out that, while EU law does not currently require a de-referencing to be carried out on all versions of the search engine, it also does not prohibit such a practice.

And the court added that a search engine operator must put measures in place to discourage internet users from going outside the EU to find information the Europeans requested to be deleted.

Background of the Case

The court's new ruling stems from a dispute between Google and France's top privacy regulator.

In 2015, France's Commission nationale de l'informatique et des libertés, or CNIL, ordered Google to globally remove search result listings to pages containing damaging or false information about a person. The French data protection watchdog had argued that only applying Europe’s privacy standards globally and not just within Europe could guarantee that these links do not show up in Google searches and ensure the privacy of citizens. It had fined Google 100,000 Euros for failing to apply the privacy standard worldwide.

Google appealed the decision, asking Europe’s highest court to rule on what geographical limits, if any, should be applied to the region’s right to be forgotten. The tech firm had been supported by Microsoft, Wikipedia's owner the Wikimedia Foundation, the non-profit Reporters Committee for Freedom of the Press, and the U.K. freedom of expression campaign group Article 19, among others.

Article 19 calls the court’s ruling on the “right to be forgotten” a victory. “Courts or data regulators in the U.K., France or Germany should not be able to determine the search results that internet users in America, India or Argentina get to see,” says Thomas Hughes, executive director of the group.

“The court is right to state that the balance between privacy and free speech should be taken into account when deciding if websites should be delisted – and also to recognize that this balance may vary around the world. It is not right that one country’s data protection authorities can impose their interpretation on internet users around the world.”


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.in, you agree to our use of cookies.