European Court of Justice Establishes “Right to Be Forgotten” Online

May 15, 2014

A surprising and potentially landmark decision dealing with the future of online privacy was handed down by the European Court of Justice in Luxembourg earlier this week. The case involved a Spanish national who filed a complaint alleging that when his name was entered into Google, the search results displayed links to two articles from 1998 that discussed the auction of his home, which had been repossessed. He contended that Google should be required to remove or hide the links from appearing in a search request, as the cases were resolved and therefore “irrelevant.”

A 1995 EU directive established privacy protections regarding how personal information is processed. It allowed for consumers to request that this data be erased in certain situations.  Based on this directive, the European Court of Justice found that Google is a processor and controller of personal information based on its search function and is therefore required, if asked, to remove links to web pages relating to a person from search results, even if the material contained in those links is true.

In determining when such request should be honored, the court found that a “fair balance” should be sought between the interests of free access to information and the privacy rights of individuals. This balance, the court determined, should be tilted towards the individual’s right to privacy, except in specific cases based on the nature of the information and the interest of the public having the information (such as if it concerns a public figure). If it is found that the inclusion of such links in a search result is incompatible with the rights of the individual, then a right to be “forgotten” exists and the links should be removed.

The case could have major implications on freedom of expression. It lets individuals determine what is presented in a search request online without regard for truth or falsity. It also interferes with the free expression rights of search engines and online publishers to allow legitimate information to pass to end users. Instead, it would require companies like Google or Twitter to serve basically as censors and remove data whenever the subject of the information asks, even if the information about them is true and lawfully published. The information would still exist, but search providers would be prevented from delivering it. It requires the search engines to determine whether to block access to third-party information to which they are merely providing links, asking them to use their judgment rather than any legal process.  

This case also starkly demonstrates the different paths the European Union and the United States are taking on privacy issues. In the United States, such a ruling would most likely never happen due to the strong constitutional protections provided by the First Amendment in favor of free expression. Signals such as these from Europe indicate that the EU may be in the process of taking more strident positions on privacy issues across the board. Advertisers are likely to be drawn in to the debate as the EU moves forward in regard to data privacy and security.

This decision puts many online companies, not just Google, in a precarious position. Will they have to honor European requests to delete information that was lawfully published in the United States? Will Facebook need to “untag” persons in photos that show them engaged in activity they would now prefer to be hidden? How long a period will there need to have passed to make information “irrelevant?” These Solomonic decisions are far from simple. What this decision means for companies that do business in Europe remain to be seen, but is likely to be time consuming, expensive, highly burdensome, and undermine free speech values.

You must be logged in to submit a comment.