The European Court of Justice ruled on 24 September 2019 that search engine operators such as Google do not have to apply the EU’s “right to be forgotten” to versions of their search engine accessed outside the EU (case C‑507/17).

 

What is the right to be forgotten?

The right to be forgotten, also known as the “right to erasure”, gives EU citizens the power to request that data about them be deleted.

Since 2014, EU citizens have been able to request that embarrassing or out-of-date information appearing in search results of their name be ‘de-referenced’. The introduction of the General Data Protection Regulation (GDPR) in 2018 reinforced this right.

 

European Court of Justice (ECJ) ruling

In 2015 France’s privacy watchdog, CNIL, ordered Google to remove search result listings to pages containing damaging or false information about an individual, on a global basis. In response, Google introduced a ‘geoblocking’ feature preventing European users from being able to see the links, but refused to do the same for people elsewhere in the world. CNIL subsequently fined Google 100,000 euros, which Google refused to pay.

Yesterday, ruling in favour of Google, the court said that there is currently “no obligation under EU law, for a search engine operator who grants a request for de-referencing… to carry out such a de-referencing on all the versions of its search engine”. So, Google only needs to remove the links from search results within EU member states.

In making its ruling, the court said: “The right to the protection of personal data is not an absolute right, but must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality” and “the balance between the right to privacy and the protection of personal data, on the one hand, and the freedom of information of internet users, on the other, is likely to vary significantly around the world.”

 

Comment   

Google has said that since 2014 it has received more than 845,000 requests to remove a total of 3.3 million web addresses. With the introduction of the GDPR and the publicity surrounding it, the volume of requests is only likely to increase. It is, therefore, no surprise that the likes of Microsoft and Wikipedia supported Google’s case and will welcome the ECJ’s judgment.

The ECJ’s ruling was unsurprising though. It would have been a bold move for the court to rule the other way and attempt to police the actions of tech giants outside European borders. What it means for those looking to hide personal information currently available in search results is that even if you manage to get a search engine to remove offending links (note that Google has only removed 45% of links requested), those links will still be available outside the EU.

While the ECJ stated that search engine operators have a duty to “effectively prevent or, at the very least, seriously discourage” savvy internet users within Europe from getting access to de-referenced links, those using a virtual private network (VPN) or other tool to mask their location might still be able to do so.

 


 

You can find further information regarding our expertise, experience and team on our Media Disputes page.

If you require assistance from our team, please contact us or alternatively request a call back from one of our lawyers by submitting this form.

 


 

Subscribe – In order to receive our news straight to your inbox, subscribe here. Our newsletters are sent no more than once a month.

Key Contacts

See all people