Right To Be Forgotten In Light Of European Court Of Justice “Google Decision”
Summary
Due to stunning advances in information Technologies occurred recently even very old information concerning individuals can be hold digitally and be accessible to everywhere in the globe in a matter of seconds just by writing related person’s name on computers or smart devices keyboard. Right to de-referencing or most commonly known as right to be forgotten grants an individual who wants to lead his/her life in an independent manner a right to request deletion of his/her personal data that he or she wants no longer to be known from the digital sphere. In a way people are given the right to informational self-determination concerning their personal data. European Court Of Justice decision C‑131/12, Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD), Mario Costeja González has become a seminal development in this respect. Right to be forgotten has been accepted as an independent right from personal data protection which has been granted in Europe for a considerable amount of time.
Keywords: Personal data, the right to personal data protection, the right to be forgotten, EU Court of Justice, Google
In its latest decision, European Court of Justice(ECJ) refused to enlarge the implementation of right to be forgotten on a global basis.
In 2014, ECJ ruled that the operator of a search engine is obliged to remove from the list of results displayed following a search made on the basis of a person’s name links to web pages, published by third parties and containing information relating to that person, also in a case where that name or information is not erased beforehand or simultaneously from those web pages, and even, as the case may be, when its publication in itself on those pages is lawful.[1]
Google has applied the right to be forgotten since May 2014, when the ECJ first determined that under some circumstances European citizens could force search firms to delist webpages containing sensitive information about them from queries made using their names.
The idea is to hide sensitive information - such the fact a person once committed a criminal offence or had an extra-marital affair - if the details are judged to be "inadequate, irrelevant or no longer relevant or excessive".
Google has said that since that time it has received more than 845,000 requests to remove a total of 3.3 million web addresses, with about 45% of the links ultimately getting delisted.[2]
The latest ruling stems from a dispute between Google and a French Data Protection Authority (CNIL- Commission nationale de l'informatique et des libertés) In 2015, CNIL ordered the firm to globally remove search result listings to pages containing damaging or false information about a person. Google Inc., refused to do so and confined itself to removing the links in question from only the results displayed following searches conducted from the domain names corresponding to the versions of its search engine in the Member States i.e. geoblocking feature that prevents European users from being able to see delisted links. Google Inc. requested the Conseil d’État (Supreme administrative court and court of final appeal on the legality of administrative acts-France) to annul CNIL’S fine. It considers that the right to de-referencing does not necessarily require that the links at issue are to be removed, without geographical limitation, from all its search engine’s domain names.
By way of a preliminary ruling[3] (pursuant to Article 267 of the Treaty on the Functioning of the European Union ("TFEU") ECJ found that numerous third States do not recognize the right to dereferencing or have a different approach to that right. The Court adds that the right to the protection of personal data is not an absolute right (jus cogens), but must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. In addition, the balance between the right to privacy and the protection of personal data, on the one hand, and the freedom of information of internet users, on the other, is likely to vary significantly around the world.[4]
Court concludes that, currently, there is no obligation under EU law, for a search engine operator who grants a request for de-referencing made by a data subject, as the case may be, following an injunction from a supervisory or judicial authority of a Member State, to carry out such a de-referencing on all the versions of its search engine. However, EU law requires a search engine operator to carry out such a de-referencing on the versions of its search engine corresponding to all the Member States and to take sufficiently effective measures to ensure the effective protection of the data subject’s fundamental rights. Thus, such a de-referencing must, if necessary, be accompanied by measures which effectively prevent or, at the very least, seriously discourage an internet user conducting a search from one of the Member States on the basis of a data subject’s name from gaining access, via the list of results displayed following that search, through a version of that search engine ‘outside the EU, to the links which are the subject of the request for de-referencing.
It means the firm only needs to remove links from its search results in Europe - and not elsewhere - after receiving an appropriate request.[5]
Google had previously warned of the dangers of overreach by Europe. In a blogpost two years ago, the company said there should be a balance between sensitive personal data and the public interest and that no one country should be able to impose its rules on citizens of another.[6] The technology firm argued that, if this rule were applied outside Europe, the obligation could be abused by authoritarian governments trying to cover up human rights abuses. This attitude was also reflected in the opinion of Court’s advocate general Maciej Szpunar.[7]
However, it should be noted that according to ECJ, while EU law does not currently require a de-referencing to be carried out on all versions of the search engine, it also does not prohibit such a practice. [8] In this respect, ECJ refrained from providing guidance and granted national courts a considerable margin of appreciation. The authorities of the Member States remain competent to weigh up, in the light of national standards of protection of fundamental rights, a data subject’s right to privacy and the protection of personal data concerning him or her, on the one hand, and the right to freedom of information, on the other, and, after weighing those rights against each other, to order, where appropriate, the operator of that search engine to carry out a de-referencing concerning all versions of that search engine.
[1]C-131/12, Google Spain v AEPD and Mario Costeja Gonzalez
[2] https://transparencyreport.google.com/eu-privacy/overview?hl=en_GB
[3] A reference for a preliminary ruling allows the courts and tribunals of the Member States, in disputes
which have been brought before them, to refer questions to the Court of Justice about the interpretation of
European Union law or the validity of a European Union act. The Court of Justice does not decide the
dispute itself. It is for the national court or tribunal to dispose of the case in accordance with the Court’s
decision, which is similarly binding on other national courts or tribunals before which a similar issue is raised.
[4] Case C 507/17
[5] https://www.bbc.com/news/technology-49808208
[6] https://www.theguardian.com/technology/2019/sep/24/victory-for-google-in-landmark-right-to-be-forgotten-case
[7]http://curia.europa.eu/juris/document/document_print.jsf?docid=209688&text=&dir=&doclang=EN&part=1&occ=first&mode=req&pageIndex=0&cid=24577. Advocate general warned against a risk of possible race to the bottom, to the detriment of freedom of expression, on a European and worldwide scale. Paragraph 61.
[8] https://curia.europa.eu/jcms/upload/docs/application/pdf/2019-09/cp190112en.pdf