On 24 September 2019 the European Court of Justice (ECJ) released a preliminary decision according to which Google is not bound to apply the "right to be forgotten" or "de-referencing" globally.

In May 2015, the French authority for data protection, CNIL served a notice to Google according to which the company should remove all the links related to an individual (after the individual's request) from all its search engine's domain name extensions globally.
As Google did not comply with the notice, the CNIL imposed a fine of 100,000 EUR which prompted Google's reaction asking the annulment of the sanction from the Council of State in France. Questions related to the case were sent to ECJ for a preliminary ruling.

HappyBirthday GDPR factsheet

The ECJ came to the conclusion that, "Where a search engine operator grants a request for de-referencing pursuant to those provisions, that operator is not required to carry out that de-referencing on all versions of its search engine, but on the versions of that search engine corresponding to all the Member States, using, where necessary, measures which, while meeting the legal requirements, effectively prevent or, at the very least, seriously discourage an internet user conducting a search from one of the Member States on the basis of a data subject's name from gaining access, via the list of results displayed following that search, to the links which are the subject of that request."

According to Google, it has implemented a new layout for the national versions of its search engine, in which the domain name entered by the internet user no longer determines the national version of the search engine accessed by that user. Thus, the internet user is now automatically directed to the national version of Google's search engine that corresponds to the place from where he or she is presumed to be conducting the search, and the results of that search are displayed according to that place, which is determined by Google using an IP geo-location process.
The ECJ refers that there is no provision that prohibits the use of the geo-location argument and hence EU law does not currently require that the "right to be forgotten" refers to all versions of a search engine like Google.

The preliminary ruling is an important step on how "the right to be forgotten" is interpreted and applied in cases which involve non-EU jurisdictions.

  • 1

    The ECJ in its decision refers to the two sides to be considered. From the one side is the protection of the right to privacy and the protection of personal data and on the other side is the freedom of information of internet users. How these rights are interpreted can vary significantly around the world. Because of these different meanings "de-referencing" is difficult to be applied in a harmonized way outside the European Union (EU).

  • 2

    Co-operation with authorities outside the EU is difficult, although GDPR provides for the cooperation of authorities in its provisions. Moreover, a global search engine operator is not obliged to follow the injunction of an EU authority, regarding its branches outside EU.

  • The Opinion of the Advocate General is available under the European Court of Justice Website

Stay updated with the latest regulatory news monitored every day and provided to you by Pideeco's regulatory watch team.
Oscar Canario da Cunha - Pideeco Network Partner
Oscar Canario da Cunha Managing Director
Add your comment

Related articles

What is open banking? Learn about how this innovation allows banks to better understand the needs of their retail, SME,...

Europe Sun 15 September 2019

Conduct Risk has been the hot topic of the past years. From principles to outcomes, discover how to articulate your busi...

Transparency Mon 28 May 2018

Learn what a Data Protection Authority (DPA) is and find the complete compiled list of EU DPAs.

Data Protection Authority Tue 05 September 2023

Is the UBO Register useful during KYC processes? Learn how and why it is important to verify Ultimate Beneficial Owners...

Europe Tue 10 December 2019
Experts in risk management and regulatory compliance

Pideeco is a consultancy firm providing legal services, business solutions, operational assistance and educational material for professionals in the financial industry.

We are based in Brussels and we specialize in regulatory risk compliance services covering the Eurozone.

Pideeco combines professional Regulatory knowledge and technical expertise to safeguard your business’ reputational and operational risk. Our unique customer-centric approach helps us build strategical and legitimate cost-efficient remedies.

Working with us means reaching out to complementary people, allowing for original thinking and innovative vision.

Our Network Learn more about us