Google’s lawyers are in Europe’s top court today arguing against applying the region’s so-called ‘right to be forgotten’ ruling globally domains, rather only geo-limiting delistings to European sub-domains (as it does now).
The original rtbf ruling was also a European Court of Justice (ECJ) decision.
Back inÂ 2014Â the court ruled search engines must respect Europeans’ privacy rights, and — on request — remove erroneous, irrelevant and/or outdated information about a private citizen.
Google was not at all happy with the judgement, and kicked off a major lobbying effort against it — enlisting help from free speech champions like Wikipedia’s Jimmy Wales.
But it also complied with the ruling, after a fashion (after all, it is EU law) — applying delistings on local domains but not across Google.com.Â Which means there’s a trivial workaround for circumventing EU law.
That has displeased European data protection agencies — who say Google is flouting the law and EU citizens fundamental rights are not being respected.Â France’s data protection agency challenged Google’s approach. In May 2016 it ordered the company to make delistingsÂ global, and fined itÂ â‚¬100,000Â for non-compliance.
Google appealed and last year the French court decided to refer questions to the ECJ for a ruling on the scope of the delisting — saying it â€œposes a serious difficulty in interpreting the Law of the European Unionâ€�.
And so now we’re back in Europe’s top court with Google’s lawyers arguing against making delistings global — contending it would damage free speech, and enable authoritarian regimes to get stuff they don’t like scrubbed off the Internet.
“We — and a wide range ofÂ human rightsÂ andÂ mediaÂ organizations, and others,Â like WikimediaÂ — believe that this runs contrary to the basic principles of international law: No one country should be able to impose its rules on the citizens of another country, especially when it comes to linking to lawful content,” wrote Google’s Kent Walker, in 2015. “Adopting such a rule would encourage other countries, including less democratic regimes, to try to impose their values on citizens in the rest of the world.”
The extraterritoriality problem was also chewed over by Google’s self-appointed ‘advisory council’ on the rtbf issue at that time.
AndÂ while the majority of this Google-appointed body aligned with Google’s view that there should not be global delistings, there was one dissenting voice: German MP, Sabine Leutheusser-Schnarrenberger, who wrote then:Â “The internet is global, the protection of the user’s rights must also beÂ global. Any circumvention of these rights must be prevented.”
Google and CNIL declined to comment on today’s hearing.
A second (separate) rtbf case also being heard by the ECJ today concerns whether search engines should have to remove reference to any sensitive personal information about individuals. Which would represent a significant expansion if granted.
However the case is not supported by EU data protection agencies. The individuals bringing the case had their application rejected by CNIL, leading them to pursue a legal appeal.
The key point on this case is that the current right to delist is not absolute; the rtbf only applies to private individuals, not to public figures (e.g. politicians and journalists); and also only applies where the information in question is outdated or irrelevant. So it is bounded and balanced, and absolutely does not apply to every individual and every piece of sensitive personal data.
The current implementation of the rtbf also means Google must review requests, to balance the public right to know against individual privacy rights.
The company actually denies the majority of requests — i.e. when it does not believe a request falls under the scope of the law (Google publishes a Transparency ReportÂ on delisting, showing it has, to-date, agreed to delist less than half of requests).
Individuals denied delisting can appeal to a national data protection agency, and indeed challenge a DPA decision in court — as in this case.
ButÂ Google’s lawyers said today that only a tiny fraction of rtbf request decisions are every appealed, and further claimed its decisions largely align with DPAs…Â
There’s no fixed timeline for the ECJ to hand down a ruling on the two cases but a spokeswoman for the court told us that on average the opinion of the Advocate General comes 2 to 4 months after the hearing, and the Courtâ€™s judgment around 3 to 6 months after that. So a court verdict does not look likely before 2019.
Since the 2014 judgement, the EU has doubled down on the rtbf — extending the principle by baking it into its recently updated data protection framework, the GDPR, which gives EU citizens rights to ask data controllers to rectify or delete their personal information, for example.
Source: Techcrunch Disrupt