According to a ruling (Case C-507/17) released today by the EU’s top court, the ‘right to be forgotten’ only applies within Europe. This means that Google will only have to remove links from search results within EU Member State versions of the search engine where an appropriate request has been received.
This ruling relates to a long-running dispute between Google and French data regulation watchdog, CNIL. In 2015, Google had been ordered by CNIL to apply ‘the right to be forgotten’ globally and fined €100k for failing to comply. This decision was appealed to the Conseil d’État who then sought the advice of the European Court of Justice.
The right to be forgotten requires search engines to remove links that are inadequate or irrelevant in light of the time that has elapsed. France contended that limiting this right to the territory of the EU would be to render it meaningless as IP-masking VPN products are widely available. Google argued that they did not want to set a precedent for applying local rules on a global scale, elsewise they may be forced in future to apply laws which limit freedom of speech in certain jurisdictions, worldwide.
Speaking to The Guardian in 2017, Google’s global privacy counsel Peter Fleischer said that they have ‘worked hard to implement the “right to be forgotten” ruling thoughtfully and comprehensively in Europe… defending the idea that each country should be able to balance freedom of expression and privacy in the way that it chooses, not in the way that another country chooses.’
A rather pertinent section of the ECJ press release on this judgement reads:
‘The Court emphasises that, in a globalised world, internet users’ access – including those outside the EU – to the referencing of a link referring to information regarding a person whose centre of interests is situated in the EU is likely to have immediate and substantial effects on that person within the EU itself, so that a global de-referencing would meet the objective of protection referred to in EU law in full. However, it states that numerous third States do not recognise the right to de-referencing or have a different approach to that right, but must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. In addition, the balance between the right to privacy and the protection of personal data, on the one hand, and the freedom of information of internet users, on the other, is likely to vary significantly around the world.’
The ruling has been well-received, with prominent data protection solicitor Simon McGarr taking to Twitter to note that there was ‘hard to find any legal justification’ for the initial CNIL order mandating the payment of €100k in fines. Read the decision in full here.
Note: This is intended to be a fair and accurate report of a decision made public by a court of law. Any errors should be notified to the editor and will be dealt with accordingly. Those wishing to purchase a subscription or organise a free trial of of our online services may do so here.