EU Right to Forget Ruling

56 July 2014 | LegalEra | www.legalera.in
Let’s Uphold
Human
beings tend
to remember some things and forget
others. Some incidents and events get
etched in our collective consciousness
while some just don’t stick. So, some
event that occurred centuries ago
may be known to all and sundry but
something that occurred a month
ago may be forgotten by most. In
today’s digital age, however, our
collective consciousness has come
to be represented as Google search.
What occurred centuries ago and
what occurred yesterday, including
a passing inconsequential remark,
remain etched in Google’s memory.
Thus, nothing is now ever forgotten.
But nature has its ways for a reason.
We remember for a reason and forget
for a reason. It would not be feasible
to live in peace if our past lives were
latched on to our backs at all times.
One must learn from the past but
to move into the future, some of the
past has to be let gone. That deletion
work is done naturally by our fading
memories. We forget what need not
be remembered so that we may live
in peace and also enabling the other
person concerned to live in peace, so
that no one’s past can haunt them
forever.
This natural cycle has been broken
and now not only one’s past but
every miniscule detail of that past is
remembered, recorded and available
just a click away. Is that healthy?
Or should something be done
so that nature has its way and some
things can be forgotten? What can
and should be done? Is there any
legal recourse? But how can there
be any legal recourse unless
there is a legal right to be forgotten?
Right to be forgotten implies that any
information about one’s self that gets
unearthed and is kept alive by search
engines can be demanded to be
stashed away by the person concerned
in certain cases as s/he has a right to
be forgotten. The information may
still exist at the source but it need
not be brought to the fore by a search
engine.
The European Union has for some
time been contemplating “the right
to be forgotten.” In 2012, a proposal
was made for a Regulation that would
incorporate “right to be forgotten.”
[http://ec.europa.eu/justice/data-protection/
document/review2012/com_2012_11_en.pdf]
Alongside, a Spanish man has been
battling for the enforcement of his
“right to be forgotten” before the
European Court of Justice. His right
to be forgotten has now been upheld
by the ECJ. [http://curia.europa.eu/
jcms/upload/docs/application/pdf/2014-05/
cp140070en.pdf; http://curia.europa.eu/juris/
document/document.jsf;jsessionid=9ea7d0f130
d564636cbfe10940d09972f8c622d2228f.e34Ka
xiLc3eQc40LaxqMbN4OaNmQe0?text=&docid
=152065&pageIndex=0&doclang=EN&mode=r
eq&dir=&occ=first&part=1&cid=73529]
In Google Spain SL, Google Inc. v
AgenciaEspañola de Protección de
Datos, Mario Costeja González, the
European Court of Justice held that
EU citizens have a right to ask search
engines to hide publicly available data
Google
EU
V/S
The

57www.legalera.in | LegalEra | July 2014
Editorial
the data no longer appeared in the
search results and in the links to La
Vanguardia.
The AEPD rejected the complaint
against La Vanguardia, taking the
view that the information in question
had been lawfully published by
it. However, the complaint was
upheld as regards Google Spain and
Google Inc. Consequently, Google
Spain and Google Inc. brought
two actions before the Audiencia
Nacional (National High Court,
Spain), claiming that the AEPD’s
decision should be annulled. It is in
this context that the Spanish court
referred a series of questions to
the European Court of Justice. The
court upheld González’s right to have
irrelevant information about himself
stashed away by search engines.
The EU ruling can
be broken down and
understood as follows:
1. Search engines are processing
information
Court noted that by searching
automatically, constantly and
systematically for information
published on the internet, the
operator of a search engine ‘collects’
data within the meaning of the
Directive 95/46/EC. The operator
within the framework of its indexing
programmes, ‘retrieves’, ‘records’
and ‘organises’ the data in question,
which it then ‘stores’ on its servers
and, as the case may be, ‘discloses’
and ‘makes available’ to its users in
the form of lists of results. Thus, the
operator is ‘processing’ information
even where they exclusively concern
material that has already been
published as it stands in the media.
2. Search engines control what
data shall appear in search
results
The Court further holds that the
operator of the search engine is
the ‘controller’ in respect of that
processing as the operator determines
the purposes and means of the
Protección de Datos (Spanish Data
Protection Agency, the AEPD)
against La VanguardiaEdiciones
SL (the publisher of a daily news
paper in Spain) and Google Spain
and Google Inc. requesting that
La Vanguardia be required either
to remove or alter the pages in
question (so that the personal data
relating to him no longer appeared)
or to use certain tools made available
by search engines in order to protect
the data. He also requested that
Google Spain or Google Inc. be
required to remove or conceal the
personal data relating to him so that
from queries for their own names.
The case deals with the woes of
Costeja González who in 2009
discovered that a Google search of
his name pulled up legal notices from
the late 1990s concerning a real -
estate auction organised following
attachment proceedings for the
recovery of social security debts
owed by him. These he contended
were long settled and hence, were
irrelevant. Yet, the ghost of these
notices continued to haunt him
and attached a permanent taint to
his name. He lodged a complaint
with the Agencia Española de
to be forgotten and
shrugging the past off
their backs. However,
in a majority of
cases, there is a
need to keep balance
between the right to
information and the
right to be
Pursuant to the
EUruling
against
Googlecitizens of
the EU can ask
search engines to
remove data that is
detrimental
to them,
ensuring theirright
forgotten
by Fatima Ansari
,

58 July 2014 | LegalEra | www.legalera.in
Let’s Uphold
the purposes for which they were
processed and in the light of the time
that has elapsed.
The Court adds that, when
appraising such a request made by
the data subject in order to oppose
the processing carried out by the
operator of a search engine, it should
in particular be examined whether
the data subject has a right that the
information in question relating to
him personally should, at this point in
time, no longer be linked to his name
by a list of results that is displayed
following a search made on the
basis of his name. If that is the case,
the links to web pages containing
that information must be removed
from that list of results, unless there
are particular reasons, such as the
role played by the data subject in
public life, justifying a preponderant
interest of the public in having
access to the information when such a
search is made.
6. Request to remove
information to be made to
search engine operator; failing
which to appropriate authority
The Court points out that the data
subject may address such a request
directly to the operator of the
search engine (the controller) which
must then duly examine its merits.
Where the controller does not
grant the request, the data subject
may bring the matter before the
supervisory authority or the judicial
authority so that it carries out the
necessary checks and orders the
controller to take specific measures
accordingly.
Thus, pursuant to the EU ruling
against Google, citizens of the EU can
ask search engines to remove data that
is detrimental to them ensuring their
right to be forgotten and shrugging
the past off their backs.
important role played by the internet
and search engines in modern
society, which render the information
contained in such lists of results
ubiquitous. In the light of its potential
seriousness, such interference cannot,
according to the Court, be justified by
merely the economic interest which
the operator of the engine has in the
data processing.
4. Fair balance to be sought
between right to information
and right to forget
While allowing the right to be
forgotten, the court also takes into
consideration the legitimate interest
of internet users potentially interested
in having access to that information.
The Court holds that a fair balance
should be sought in particular
between that interest and the data
subject’s fundamental rights, in
particular, the right to privacy and
the right to protection of personal
data. The data subject’s rights
override the interest of internet users.
The balance depends on the nature
of the information in question and
its sensitivity for the data subject’s
private life and on the interest of the
public in having that information.
This interest of the public in having
the information may vary. It shall be
affected, in particular, according to
the role played by the data subject in
public life.
5. Requests to remove data can
be reappraised as nature of data
may change with time
If it is found, following a request by
the data subject, that the inclusion
of certain links in the list is, at this
point in time, incompatible with the
directive, the links and information
in the list of results must be erased.
The Court observes in this regard
that even initially lawful processing
of accurate data may, in the course
of time, become incompatible with
the directive where, having regard
to all the circumstances of the
case, the data appears to be
inadequate, irrelevant or no longer
relevant, or excessive in relation to
processing. As long as the activity
of a search engine is additional to
that of the publishers of websites
and is liable to affect significantly
the fundamental rights to privacy
and to protection of personal data,
the operator of the search engine
must ensure, within the framework
of its responsibilities, powers
and capabilities, that its activity
complies with the directive’s privacy
requirements.
3. Search engines generate
a profile for the person that
could not have been generated
otherwise and hence have a
responsibility to maintain
peoples’ right to privacy
The operator is, in certain
circumstances, obliged to remove
links to web pages that are published
by third parties and contain
information relating to a person from
the list of results displayed following
a search made on the basis of that
person’s name. The Court makes it
clear that such an obligation may also
exist in a case where that name or
information is not erased beforehand
or simultaneously from those web
pages, and even, as the case may be,
when its publication in itself on those
pages is lawful.
The Court points out in this context
that processing of personal data
carried out by such an operator
enables any internet user, when he
makes a search on the basis of an
individual’s name, to obtain, through
the list of results, a structured
overview of the information relating
to that individual on the internet.
The Court observes, furthermore,
that this information potentially
concerns a vast number of aspects
of his private life and that, without
the search engine, the information
could not have been interconnected
or could have been only with great
difficulty. Internet users may thereby
establish a more or less detailed
profile of the person searched
against. Furthermore, the effect of
the interference with the person’s
rights is heightened on account of the
Disclaimer – Statements and opinions
expressed in this article are those from the
editorial and are well researched from various
sources. The content in the article is purely
informative.

EU Right to Forget Ruling

Recommended

Recommended

More Related Content

Similar to EU Right to Forget Ruling

Similar to EU Right to Forget Ruling (20)

EU Right to Forget Ruling