Google ‘right to be forgotten’ laws SHOULD only apply within Europe, says advisor to EU’s top court, in boost for the tech giant
- Google triumph as an EU advisor says privacy laws should only apply in the EU
- EU law can force Google to remove people’s names under ‘right to be forgotten’
- Google argued the law to be lifted on domains outside the EU like Google.com
- The non-binding advice was given to the European Court of Justice on Thursday
An EU rule which forces search engines to remove certain links referencing individuals, should only apply in the EU, according to the bloc’s most senior lawyer.
Google has been battling France over the ‘right to be forgotten’ law, which the US firm would like to see limited to European domains of its website – such as Google.fr or Google.co.uk – and not Google.com or domains outside the EU.
In 2014 the European Court of Justice granted the right for individuals, under certain conditions, to have references to them removed from search engine results.
Advocate General Maciej Szpunar told the ECJ on Thursday that EU law ‘should limit the scope of the de-referencing that search engine operators are required to carry out, to the EU.’
In this file photo, the Google offices in New York City, if the advice of the EU’s advocate general is taken by judges at the ECJ Goggle chiefs will have cause for celebration
Judges at the ECJ usually, but not always, follow the legal opinions of the court’s advocate general.
Szpunar is ‘not in favour of giving the provisions of EU law such a broad interpretation that they would have effects beyond the borders of the 28 member states,’ the statement added.
The US tech behemoth firmly opposed the decision in 2014, but complied with the ruling by delisting search references once requested across its European domains.
France’s data regulator, the Commission Nationale de l’Informatique et des Libertes (CNIL), opposed the distinction and said the firm should apply the delisting to all extensions, regardless of the national domain.
In 2016, CNIL fined Google 100,000 euros ($112,000) for non-compliance and Google appealed to France’s highest court, which in turn has referred to the ECJ for an opinion.
Google argues that its application of the right to be forgotten is already effective in France for well over 99 percent of searches.
In 2014 the European Court of Justice granted granted the right for individuals, under certain conditions, to have references to them removed from search engine results
It also adds that the company has implemented geo-blocking technology for EU searches that attempt to use non-EU domains to access de-listed information.
In September, EU court judges heard a long list of stakeholders, including human rights groups that fear abuses of the EU’s ‘right to be forgotten’ rule by authoritarian states outside the bloc.
In a statement, the lobbying body for tech giants including Google welcomed the opinion.
The opinion ‘balances EU residents’ right to be delisted while respecting the constitutional rights of citizens outside of the EU,’ said CCIA Senior Manager Alexandre Roure.
‘We hope the final court ruling will take the same pragmatic and balanced approach,’ he added.
WHAT IS THE EU’S GENERAL DATA PROTECTION REGULATION?
The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that entered into force on May 25, 2018.
It aims to strengthen and unify data protection for all individuals within the European Union (EU).
This means cracking down on how companies like Google and Facebook use and sell the data they collect on their users.
The law will mark the biggest overhaul of personal data privacy rules since the birth of the internet.
Under GDPR, companies are required to report data breaches within 72 hours, as well as to allow customers to export their data and delete it.
The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that entered into force on May 25
Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.
Further, the controller must provide a copy of the personal data, free of charge, in an electronic format.
This change is a dramatic shift to data transparency and empowerment of data subjects.
Under the right to be forgotten, also known as Data Erasure, are entitled to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
The conditions for erasure include the data no longer being relevant to original purposes for processing, or a data subject withdrawing their consent.
This right requires controllers to compare the subjects’ rights to ‘the public interest in the availability of the data’ when considering such requests.