open search
Internationales Arbeitsrecht

Europe – European Court of Justice rules on the scope of the ‘right to be forgotten’ for search engines

Print Friendly, PDF & Email

Two recent European Court of Justice cases have given guidance on the scope of the ‘right to be forgotten’.

The European Court of Justice has published its rulings in two prominent cases addressing the scope of ‘the right to be forgotten’ under EU privacy laws. Both cases involved Google and the French National Commission on Informatics and Liberty (‘CNIL’).

The right to be forgotten was based on the ECJ’s interpretation of the previous Data Protection Directive in a 2014 case involving Google. The right, which was later implemented in the General Data Protection Regulation (GDPR), enables European data subjects to request the erasure and removal of all their personal information under certain conditions.

The first case stems from the CNIL’s decision regarding Google’s application of the right to be forgotten on a global basis. In 2015, CNIL requested Google to globally delist search results containing personal information that was subject to the right to be forgotten requests from its search engine. Google removed the links only from its European domain names, but refused to delist the search results from domain names available outside of Europe. In response the French regulator fined Google EUR 100,000. Google challenged the ruling at France’s Council of State, which turned to the European Court of Justice for guidance.

Earlier this year, Google won the support of the European Court of Justice’s Advocate General (AG), in a nonbinding recommendation delivered to the Court. The AG claimed that the right to be forgotten should be limited to Europe only. In its decision, the Court ruled that there is no obligation under EU law for search engine operators to delist search results that are subject to the right to be forgotten in all of their domains upon a de-referencing request from a data subject or regulatory body. Upon a justified request, the operator must delist the results for all European domains only.

The European Court of Justice emphasised that the Internet is a global network without borders, and although the delisting of all references from all domain names will meet the objectives of the right in full, it should be recognised that various countries did not acknowledge the right to be forgotten.

The second case focused on a dispute between four French data subjects and Google and CNIL, after both the tech giant and the French regulator refused a request to delist sensitive information from Google’s search engine.

According to the European Court of Justice’s decision, the restrictions and prohibitions on the processing of special categories of personal data, specifically when the data subject’s consent to such processing was revoked, apply to operators of search engines as any other processor or controller. Upon the data subject’s request, a search engine operator must delist results leading to a web page containing sensitive personal information (such as health related information or information on political view of an individual), even if this data was not erased beforehand by the web page.

In some circumstances, the operator may refuse to accede to a request for delisting. A refusal can be made when it establishes that the relevant links are covered by the exceptions listed in the GDPR (and the previous Directive), or where it deems that there is a substantial public interest and the links are necessary for exercising the right for freedom of information.

KLIEMT.Arbeitsrecht is a member of Ius Laboris, an international alliance of leading law firms providing specialised services in employment law.

Ius Laboris

Ius Laboris is a leading international employment law practice combining the world’s leading employment, labour and pension firms. Our role lies in sharing insights and helping clients to navigate the world of labour and employment law successfully.
Verwandte Beiträge
Internationales Arbeitsrecht Neueste Beiträge

Where can an employee sue an employer? A recent ruling and its implications for Austrian law

The European Court of Justice has ruled that an employee living in Austria has to bring a legal action against the employer with whom she had an employment contract in Germany, because the main part of her contractual obligations had to be performed in Germany, even if no work was actually performed. A recent European Court of Justice ruling (25 February 2021; C–804/19, Markt24) has clarified the law on where…
Internationales Arbeitsrecht Neueste Beiträge

Schrems II: what are the implications for data transfers from the GCC?

In Schrems II, the European Court of Justice rejected the Privacy Shield as a legitimate basis for personal data transfers: what are the potential consequences for data processing in the Gulf Cooperation Council countries? This article provides guidance. The European Court of Justice’s recent Schrems II decision (case C-311/18) has attracted a lot of attention in data protection circles. One of the key outcomes of…
Internationales Arbeitsrecht

European Court of Justice - A ‘Like’ button on your website? Then you are a joint data controller with Facebook!

Website operators who feature a ‘Like’ button have been ruled to be joint controllers for data protection purposes in a recent European Court of Justice judgement. In a judgment of 29 July 2019 (Fashion ID GmbH & Co, C-40/17) the European Court of Justice ruled that operators of a website that features a ‘Like’ button are controllers jointly with Facebook. This means they must make an arrangement with…
Abonnieren Sie den KLIEMT-Newsletter.
Jetzt anmelden und informiert bleiben.

Die Abmeldung ist jederzeit möglich.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert