When Europeans exercise their 'right to be forgotten,' the French privacy watchdog ordered Google to hide search results worldwide; Google's appeal of that ruling is heading to Europe's top court
Just how forgetful must Google be when applying the "right to be forgotten" created by a 2014 European Union court ruling? That's the question the court that made the original decision must now answer, in a case pitting Google against a French privacy watchdog.
Its answer will have worldwide consequences for search engines and the people whose private lives they index.
The French National Commission on Informatics and Liberty (CNIL) is concerned that Google does not go far enough in removing entries from its search results under the right to be forgotten. It wants Google to remove such results from its properties worldwide, and in March 2016 fined the company €100,000 (US$116,000) for not doing so.
Google said that CNIL should not be able to order it to remove search results viewed by residents of non-EU countries, and took its appeal all the way to France's highest court, the Conseil d'Etat, which has now referred three questions of law to the Court of Justice of the EU.
The CJEU should be familiar with the matter: It was its ruling in a Spanish case in May 2014 that first introduced the notion of a right to be forgotten.
Within weeks of that ruling, Google was inundated with tens of thousands of requests from other people wanting to hide search results about their past, and to this day still receives over 2,000 such requests each week. The company has agreed to around 43 percent of all URL removals requested, according to its own figures.
The original case involved a Spaniard who wanted to erase online traces of a 1998 newspaper announcement of a court-ordered auction of his real estate to recover debts. The Spanish court referred the matter to the CJEU, which ruled that the newspaper announcement should remain online, but ordered Google to hide links to it in the results of searches for the person's name. The idea was that references to embarrassing events or minor misdeeds could be made harder to find, but not completely erased.
Critically, though, the court did not specify to what extent such links should be hidden.
Google has a number of websites targeted at users in particular countries -- google.fr for France or google.co.uk for the U.K., for example. All the sites are accessible to users in any country, although Google attempts to automatically redirects visitors to google.com to what it deems to be the most appropriate country site.
The company initially chose to respond to right-to-be-forgotten complaints by removing search listings only from its site for the country of residence of the complainant. That might have been enough to keep a complainant's family, friends and business acquaintances from stumbling across the search results they had complained about if they allowed themselves to be redirected to the local site.
The Conseil d'Etat wants the court to rule on which of three methods search engines should use to determine when they should delist search results.
The first option it asks about is that favored by the French privacy watchdog: hiding the search results on all domain names, no matter where in the world the search is made.
The second covers the option initially adopted by Google, hiding search results only on the domain that serves the country where the demand was made, and a broader option, hiding them on all domains that target EU member states (but not, for example, on dot-com domains).
The third is the option now adopted by Google: hide search results on any of its domains, but only in response to requests made from IP addresses it believes relate to users within the EU.
Whatever the CJEU decides, EU privacy laws could well have changed by the time it makes a decision in this case. When the General Data Protection Regulation enters effect in May 2018 it will extend the right to be forgotten, turning it into a right to have personal data deleted rather than merely hidden.
Jan 16, 2020 | Category: General | Comments
Once again, Facebook has (unintentionally) breached users’ privacy. Facebook developed a glitch that exposed page admin accounts to the public. Though, it was a short-lived bug, people still managed to exploit it for numerous high-profile pages.read more…