On 24 September 2019 the European Court of Justice (ECJ) released a preliminary decision according to which Google is not bound to apply the "right to be forgotten" or "de-referencing" globally.

In May 2015, the French authority for data protection, CNIL served a notice to Google according to which the company should remove all the links related to an individual (after the individual's request) from all its search engine's domain name extensions globally.
As Google did not comply with the notice, the CNIL imposed a fine of 100,000 EUR which prompted Google's reaction asking the annulment of the sanction from the Council of State in France. Questions related to the case were sent to ECJ for a preliminary ruling.

HappyBirthday GDPR factsheet

The ECJ came to the conclusion that, "Where a search engine operator grants a request for de-referencing pursuant to those provisions, that operator is not required to carry out that de-referencing on all versions of its search engine, but on the versions of that search engine corresponding to all the Member States, using, where necessary, measures which, while meeting the legal requirements, effectively prevent or, at the very least, seriously discourage an internet user conducting a search from one of the Member States on the basis of a data subject's name from gaining access, via the list of results displayed following that search, to the links which are the subject of that request."

According to Google, it has implemented a new layout for the national versions of its search engine, in which the domain name entered by the internet user no longer determines the national version of the search engine accessed by that user. Thus, the internet user is now automatically directed to the national version of Google's search engine that corresponds to the place from where he or she is presumed to be conducting the search, and the results of that search are displayed according to that place, which is determined by Google using an IP geo-location process.
The ECJ refers that there is no provision that prohibits the use of the geo-location argument and hence EU law does not currently require that the "right to be forgotten" refers to all versions of a search engine like Google.

The preliminary ruling is an important step on how "the right to be forgotten" is interpreted and applied in cases which involve non-EU jurisdictions.

  • 1

    The ECJ in its decision refers to the two sides to be considered. From the one side is the protection of the right to privacy and the protection of personal data and on the other side is the freedom of information of internet users. How these rights are interpreted can vary significantly around the world. Because of these different meanings "de-referencing" is difficult to be applied in a harmonized way outside the European Union (EU).

  • 2

    Co-operation with authorities outside the EU is difficult, although GDPR provides for the cooperation of authorities in its provisions. Moreover, a global search engine operator is not obliged to follow the injunction of an EU authority, regarding its branches outside EU.

  • The Opinion of the Advocate General is available under the European Court of Justice Website

Stay updated with the latest regulatory news monitored every day and provided to you by Pideeco's regulatory watch team.
Oscar Canario da Cunha - Pideeco Network Partner
Oscar Canario da Cunha Associate Director
Add your comment

Related articles

MiFID was created with the objective of harmonizing Europe‘s financial landscape. Learn how the Directive changed the ...

Transparency Sat 27 May 2017

What are the impacts of the recent regulatory introduction of Anti Money Laundering (AML) EU directives 2015/849 and 201...

Europe Mon 28 August 2017

What are the impacts of the recent regulatory introduction of Anti Money Laundering (AML) EU directives 2015/849 and 201...

EU Mon 28 August 2017

How is the insurance and reinsurance markets regulated in the EU? Learn about Solvency II, PRIIPS, and KIDs.

Privacy Wed 17 April 2019
Experts in risk management and regulatory compliance

Pideeco is a consultancy firm providing legal services, business solutions, operational assistance and educational material for professionals in the financial industry.

We are based in Brussels and we specialize in regulatory risk compliance services covering the Eurozone.

Pideeco combines professional Regulatory knowledge and technical expertise to safeguard your business’ reputational and operational risk. Our unique customer-centric approach helps us build strategical and legitimate cost-efficient remedies.

Working with us means reaching out to complementary people, allowing for original thinking and innovative vision.

Our Network Learn more about us