1. The Right To Be Forgotten in the Google Spain
Case (case C-131/12): A Clear Victory for Data
Protection or an Obstacle for the Internet?
Ioannis Iglezakis
Assistant Professor
Faculty of Law, Aristotle University of Thessaloniki

2. Reform of the data protection legal
framework
 2012 Proposal for a Regulation on the protection of
individuals with regard to the processing of personal
data and on the free movement of such data
 A central provision in the Draft Regulation is Article 17
introducing the ‘right to be forgotten’ in the digital
environment, which draw its origins from the ‘right of
oblivion’ – or le droit à l’oubli

3. The ‘right to be forgotten’ in the
digital environment

4. Objective of the ‘right to be forgotten’
 To enhance users’ rights on the Internet and remedy the
lack of control over their personal data
 An attempt to deal with the issue of digital forgetting,
in other words, with the privacy issues arising in a Web
that never forgets

5. Article 17 GDPR
 a right to erasure of data that requires the controller to
delete personal data and preclude any further
dissemination of this data, but also to oblige third
parties, e.g. search engines, etc., to delete any links
to, or copies or replication of that data

6. Article 17 GDPR
 a) where data are no longer necessary in relation to the
purposes for which they were collected or otherwise
processed;
 b) where the data subject withdraws consent on which
the processing is based or when the storage period
consented to has expired and there is no other legal
ground for the processing of the data;
 c) where the data subject objects to the processing of
personal data; or
 d) where the data has been unlawfully processed.

7. An ambivalent right?
 there are concerns expressed by US authors that this
right will have chilling effects on free expression
 Viviane Reding, the former EU Justice Commissioner and
currently Vice-President of the EU Commission, stressed
out that this right builds on already existing rules.

8. Ramifications of the Google Spain case
 The ruling of the CJEU in the Google Spain case, which
recognized a right to have Google delete links to data that
are irrelevant and outdated, will have significant
repercussions, particularly to Internet companies, such as
search engines.
 Google, shortly after the decision was issued, received
certain takedown requests

9. The dispute and the request for a preliminary
ruling
 Mario Costeja González submitted a request against the
editor of a Spanish newspaper (La Vanguardia Ediciones
SL) and against Google Spain and Google Inc. due to the
reason that a search of his name in Google produced
articles published in that newspaper (‘La Vanguardia’)
sixteen years ago concerning a real-estate auction
connected with attachment proceedings for the
recovery of social security debts. Mr. González sustained
that the attachment proceedings concerning him had
been fully resolved for a number of years and that
reference to them was now entirely irrelevant.

10. Preliminary ruling
 The National High Court referred nine questions to the
CJEU for a preliminary ruling, which concern: a) the
territorial application of Directive 95/46, b) the activity
of search engines as providers of content in relation to
the Directive and c) the scope of the right of erasure
and the right to object in relation to the ‘right to be
forgotten’.

11. Processing of personal data
 The activity of a search engine consisting in finding
information published or placed on the internet by
third parties, indexing it automatically, storing it
temporarily and, finally, making it available to
internet users according to a particular order of
preference must be classified as ‘processing of
personal data’ within the meaning of Article 2(b)
when that information contains personal data and,
second, the operator of the search engine must be
regarded as the ‘controller’ in respect of that
processing, within the meaning of Article 2(d).

12. Territorial application of Directive
95/46
 Article 4(1)(a) of Directive 95/46 is to be interpreted
as meaning that processing of personal data is carried
out in the context of the activities of an
establishment of the controller on the territory of a
Member State, within the meaning of that provision,
when the operator of a search engine sets up in a
Member State a branch or subsidiary which is
intended to promote and sell advertising space
offered by that engine and which orientates its
activity towards the inhabitants of that Member
State.

13. The role an Internet Intermediary
 the operator of a search engine is obliged to remove
from the list of results displayed following a search
made on the basis of a person’s name links to web
pages, published by third parties and containing
information relating to that person, also in a case
where that name or information is not erased
beforehand or simultaneously from those web pages,
and even, as the case may be, when its publication in
itself on those pages is lawful.

14. The right to be forgotten in the Directive
95/46
 Article 12(b) and subparagraph (a) of the first
paragraph of Article 14 of Directive 95/46 are to be
interpreted as meaning that, when appraising the
conditions for the application of those provisions, it
should inter alia be examined whether the data
subject has a right that the information in question
relating to him personally should, at this point in
time, no longer be linked to his name by a list of
results displayed following a search made on the basis
of his name, without it being necessary in order to
find such a right that the inclusion of the information
in question in that list causes prejudice to the data
subject.

15. The right to be forgotten in the
Directive 95/46
 As the data subject may, in the light of his fundamental
rights under Articles 7 and 8 of the Charter, request that
the information in question no longer be made available to
the general public on account of its inclusion in such a list
of results, those rights override, as a rule, not only the
economic interest of the operator of the search engine but
also the interest of the general public in having access to
that information upon a search relating to the data
subject’s name. However, that would not be the case if it
appeared, for particular reasons, such as the role played
by the data subject in public life, that the interference
with his fundamental rights is justified by the
preponderant interest of the general public in having, on
account of its inclusion in the list of results, access to the
information in question.

16. Conclusions
 The most important consequence of this case law is that
an Internet search service provider needs to put itself in
the position of the provider of the web page, in which
personal information is initially published and make a
privacy assessment of the facts underlying the
dissemination of personal information on the Internet.

17. Conclusions
 the provider of such services needs to assume
responsibility for the processing of personal data, which
it undertakes. In our view, the removal of any links to
websites does not constitute censorship, if it is ordered
by a court or an administrative authority and on the
basis of legitimate grounds to protect privacy.

18. Conclusions
 However, the court decision did not elaborate as much
as necessary on that aspect and on the relation between
the obligations of a search engine provider as a
controller and the safe harbor principles of the e-
commerce Directive (2000/31), establishing a neutral
position of Internet intermediaries.
 The exceptions from the right to be forgotten should be
clearly formulated.

19. Conclusions
In conclusion it would be right to say that this
decision leaves open questions that should be
addressed by the EU legislator in the data
protection reform process.

20. THANK YOU VERY MUCH FOR YOUR ATTENTION