Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Google Wins EU Fight Against Worldwide ‘Right to be Forgotten’

Google is not required to apply an EU “right to be forgotten” to its search engine domains outside Europe, the EU’s top court ruled Tuesday in a landmark decision.

Google is not required to apply an EU “right to be forgotten” to its search engine domains outside Europe, the EU’s top court ruled Tuesday in a landmark decision.

The European Court of Justice handed victory to Google in the case, seen as crucial in determining whether EU online regulation should apply beyond Europe’s borders or not.

The US internet giant had argued that the removal of search results required under EU law should not extend to its google.com domain or its other non-EU sites.

The court ruled that, while a search engine operator such as Google must carry out “de-referencing” of links as demanded by a regulator or court in an EU state to all European versions of its sites, that “right to be forgotten” did not need to go further.

“There is no obligation under EU law” for search engine operators such as Google “to carry out such a de-referencing on all the versions of its search engine,” the court said.

But it did stress that de-referencing on EU sites must include measures to “seriously discourage” a European internet user being able to get around the “right to be forgotten” by accessing unrestricted results from a search engine on a non-EU domain.

That demands “geo-blocking”, which Google says it already uses effectively in Europe.

Savvy internet users, however, can get around that measure with a VPN that masks the user’s location, or by going to some non-Google search engines.

– Google hails win –

The EU court case, seen as pitting individuals’ rights to privacy online against freedom of information, stemmed from a legal battle waged by France since 2014 to have Google apply the “right to be forgotten” to all its search domains.

If France had won, it could have deepened a rift between Europe and the United States, which is home to most of the internet’s behemoths and whose President Donald Trump has railed against what he sees as EU meddling in US business.

In the end, though, the court found that EU law on the issue did not seek to have the “right to be forgotten” extend beyond its borders.

Google hailed Tuesday’s decision by the EU court.

“It’s good to see that the court agreed with our arguments,” its lawyer, Peter Fleischer, said in a statement, adding that Google has worked “to strike a sensible balance between people’s rights of access to information and privacy”.

The US company and other stakeholders had warned that authoritarian countries outside Europe could abuse global de-referencing requests to cover up rights violations.

– Closely watched case –

Google’s position was bolstered in January by a non-binding opinion from the EU court’s top legal advisor, advocate general Maciej Szpunar, who recommended judges “should limit the scope of the de-referencing that search engine operators are required to carry out, to the EU”.

The case had been closely watched, especially as Europe has also already emerged as a global rule-setter in terms of data protection on the internet.

A 2016 General Data Protection Regulation it enacted that covers all EU citizens and residents has forced many sites and companies around the globe to comply with its measures.

In terms of the “right to be forgotten” legal fight, France’s data regulator, the Commission Nationale de l’Informatique et des Libertes (CNIL), had argued that, for de-referencing to be effective, it must apply to all domains wherever they are.

In 2016, CNIL fined Google 100,000 euros ($110,000) for non-compliance. Google appealed to France’s highest court, which in turn referred to the European Court of Justice, ending up with Tuesday’s ruling.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...