open search
close
Internationales Arbeitsrecht

Europe – European Court of Justice rules on the scope of the ‘right to be forgotten’ for search engines

Print Friendly, PDF & Email

Two recent European Court of Justice cases have given guidance on the scope of the ‘right to be forgotten’.

The European Court of Justice has published its rulings in two prominent cases addressing the scope of ‘the right to be forgotten’ under EU privacy laws. Both cases involved Google and the French National Commission on Informatics and Liberty (‘CNIL’).

The right to be forgotten was based on the ECJ’s interpretation of the previous Data Protection Directive in a 2014 case involving Google. The right, which was later implemented in the General Data Protection Regulation (GDPR), enables European data subjects to request the erasure and removal of all their personal information under certain conditions.

The first case stems from the CNIL’s decision regarding Google’s application of the right to be forgotten on a global basis. In 2015, CNIL requested Google to globally delist search results containing personal information that was subject to the right to be forgotten requests from its search engine. Google removed the links only from its European domain names, but refused to delist the search results from domain names available outside of Europe. In response the French regulator fined Google EUR 100,000. Google challenged the ruling at France’s Council of State, which turned to the European Court of Justice for guidance.

Earlier this year, Google won the support of the European Court of Justice’s Advocate General (AG), in a nonbinding recommendation delivered to the Court. The AG claimed that the right to be forgotten should be limited to Europe only. In its decision, the Court ruled that there is no obligation under EU law for search engine operators to delist search results that are subject to the right to be forgotten in all of their domains upon a de-referencing request from a data subject or regulatory body. Upon a justified request, the operator must delist the results for all European domains only.

The European Court of Justice emphasised that the Internet is a global network without borders, and although the delisting of all references from all domain names will meet the objectives of the right in full, it should be recognised that various countries did not acknowledge the right to be forgotten.

The second case focused on a dispute between four French data subjects and Google and CNIL, after both the tech giant and the French regulator refused a request to delist sensitive information from Google’s search engine.

According to the European Court of Justice’s decision, the restrictions and prohibitions on the processing of special categories of personal data, specifically when the data subject’s consent to such processing was revoked, apply to operators of search engines as any other processor or controller. Upon the data subject’s request, a search engine operator must delist results leading to a web page containing sensitive personal information (such as health related information or information on political view of an individual), even if this data was not erased beforehand by the web page.

In some circumstances, the operator may refuse to accede to a request for delisting. A refusal can be made when it establishes that the relevant links are covered by the exceptions listed in the GDPR (and the previous Directive), or where it deems that there is a substantial public interest and the links are necessary for exercising the right for freedom of information.

KLIEMT.Arbeitsrecht is a member of Ius Laboris, an international alliance of leading law firms providing specialised services in employment law.

Ius Laboris




Ius Laboris is a leading international employment law practice combining the world’s leading employment, labour and pension firms. Our role lies in sharing insights and helping clients to navigate the world of labour and employment law successfully.
Verwandte Beiträge
Internationales Arbeitsrecht Neueste Beiträge

Employers liable for employees’ GDPR errors

A recent judgment of the European Court of Justice (ECJ) sheds light on the question of whether a data controller can be exempted from liability for the error of a person acting under its authority. The General Data Protection Regulation (GDPR) provides that a controller or processor is exempt from liability for breaches of the GDPR if it proves that it is not in any…
Internationales Arbeitsrecht Neueste Beiträge

Where can an employee sue an employer? A recent ruling and its implications for Austrian law

The European Court of Justice has ruled that an employee living in Austria has to bring a legal action against the employer with whom she had an employment contract in Germany, because the main part of her contractual obligations had to be performed in Germany, even if no work was actually performed. A recent European Court of Justice ruling (25 February 2021; C–804/19, Markt24) has clarified the law on where…
Internationales Arbeitsrecht Neueste Beiträge

Schrems II: what are the implications for data transfers from the GCC?

In Schrems II, the European Court of Justice rejected the Privacy Shield as a legitimate basis for personal data transfers: what are the potential consequences for data processing in the Gulf Cooperation Council countries? This article provides guidance. The European Court of Justice’s recent Schrems II decision (case C-311/18) has attracted a lot of attention in data protection circles. One of the key outcomes of…
Abonnieren Sie den kostenfreien KLIEMT-Newsletter.
Jetzt anmelden und informiert bleiben.

 

Die Abmeldung ist jederzeit möglich.