Right to be forgotten is not global, says EU court adviser

The European Court of Justice (CJEU) is expected to rule that the right to be forgotten conferred by the EU’s General Data Protection Regulation (GDPR) applies only to the EU and not globally.

The ruling is expected in a dispute between Google and the French privacy watchdog, the CNIL, after the court’s advocate general and chief adviser, Maciej Szpunar, said in a preliminary finding that EU citizens’ requests to Google and other search engines to remove links to irrelevant or outdated information about them from online searches should not apply globally.

Although the CJEU is expected to issue a final ruling in the case in two to four months, legal observers say the court usually follows the adviser’s opinion, typically endorsing initial opinions in final judgments.

A number of UK and international free speech organisations have expressed concern that extending the right to be forgotten to apply globally could encourage censorship in countries such as China, Russia and Saudi Arabia, according to The Guardian. The groups have also warned of the potential harm to internet users’ rights to access information if the CNIL’s ruling is upheld.

Szpunar said the right to be forgotten had to be balanced against other “fundamental rights”, such as the right to data protection, privacy and the legitimate public interest in accessing information.

Google wants to overturn a ruling by the CNIL in July 2015 that the right to be forgotten can be effective only if Google removes affected search results worldwide.

In response to a May 2014 ruling by the CJEU that an individual could demand that “irrelevant or outdated” information be deleted from results, Google implemented mechanisms to ensure that any search results taken down under the right to be forgotten principle cannot be viewed by anyone in an EU member state – but the CNIL wants that to be applied worldwide.

The CNIL’s ruling was made after the watchdog fined Google €100,000 for failing to remove an individual’s name from all its domains across the internet. Google then appealed to the CJEU in Luxembourg to have the fine annulled.

Szpunar said in his opinion that Google “is not required, when acceding to a request for de-referencing, to carry out that de-referencing on all the domain names of its search engine” and that it only had to “ensure full and effective de-referencing within the EU”.

Peter Fleischer, senior privacy counsel at Google, said in a statement: “Public access to information and the right to privacy are important to people all around the world, as demonstrated by the number of global human rights, media and other organisations that have made their views known in this case.

“We have worked hard to ensure that the right to be forgotten is effective for Europeans, including using geolocation to ensure 99% effectiveness.”

Richard Cumbley, partner and global head of technology at UK law firm Linklaters, said this important case pits fundamental rights to privacy against freedom of expression and highlights the continuing conflict between national laws and the internet.

There are a number of risks in extending the right to be forgotten globally, including the risk that other states would also try to suppress search results on a global basis.

“This would seriously affect people’s right to access information,” said Cumbley, adding that although the CJEU is not required to follow the advocate general’s opinion, it is “very likely” that it will.