Category: right to be forgotten

CJEU rules that Right To Be Forgotten is only applicable in Europe

27. September 2019

In a landmark case on Tuesday the Court of Justice of the European Union (CJEU) ruled that Google will not have to apply the General Data Privacy Regulation’s (GDPR) “Right to be Forgotten” to its search engines outside of the European Union. The ruling is a victory for Google in a case against a fine imposed by the french Commission nationale de l’informatique et des libertés (CNIL) in 2015 in an effort to force the company and other search engines to take down links globally.

Seeing as the internet has grown into a worldwide media net with no borders, this case is viewed as a test of wether people can demand a blanket removal of information about themselves from searches without overbearing on the principles of free speech and public interest. Around the world, it has also been perceived as a trial to see if the European Union can extend its laws beyond its own borders.

“The balance between right to privacy and protection of personal data, on the one hand, and the freedom of information of internet users, on the other, is likely to vary significantly around the world,” the court stated in its decision.The Court also expressed in the judgement that the protection of personal data is not an absolute right.

While this leads to companies not being forced to delete sensitive information on their search engines outside of the EU upon request, they must take precautions to seriously discourage internet users from going onto non-EU versions of their pages. Furthermore, companies with search engines within the EU will have to closely weigh freedom of speech against the protection of privacy, keeping the currently common case to case basis for deletion requests.

In effect, since the Right to be Forgotten had been first determined by the CJEU in 2014, Google has since received over 3,3 million deletion requests. In 45% of the cases it has complied with the delisting of links from its search engine. As it stands, even while complying with deletion requests, the delisted links within the EU search engines can still be accessed by using VPN and gaining access to non-EU search engines, circumventing the geoblocking. This is an issue to which a solution has not yet been found.

Will Visa Applicants for the USA have to reveal their Social Media Identities in future?

11. January 2018

The U.S. Department of State is aiming for Visa applicants to answer supplemental questions, including information about social media. A 30-Day notice has been published in November in order to gather opinions from all interested individuals and organizations. The goal is to establish a legal basis for the “proper collection of all information necessary to rigorously evaluate all grounds of inadmissibility or deportability, or grounds for the denial of other immigration benefits”.

In concrete terms, applicants are supposed to reveal their social media identifiers used during the last five years. The State Department stresses the fact that “the collection of social media platforms and identifiers will not be used to deny visas based on applicants’ race, religion, ethnicity, national origin, political views, gender, or sexual orientation.”

Meanwhile, the Electronic Privacy Information Center (EPIC) has submitted its comments asking for withdrawal of the proposal to collect social media identifiers and for review of the appropriateness of using social media to make visa determinations.

EPIC not only critizes the lack of transparency as it is “not clear how the State Department intends to use the social media identifiers” and further continues that “the benefits for national security” don’t seem precise. The organization also expresses concerns because the collection of these data enable enhanced profiling and tracking of individuals as well as large scale surveillance of innocent people, maybe even leading to secret profiles.

It remains to be seen how the situation develops and how the public opinion influences the outcome.

The application of the right to be forgotten in France challenged by Wikimedia

24. October 2016

Since the ECJ established the right to be delisted from search engines (right to be forgotten) in 2014, Google has received numerous requests from individuals and organizations regarding the deletion of search results that contain their personal data which is not any more current, correct, relevant or which causes damages to the data subjects. The right to be forgotten refers to certain domains, such as co.uk; fr, de, es or nl.

However the French DPA requested Google to delete these results from all Google search domains (including .com). As Google did not fully comply with this request, the French DPA (CNIL) imposed Google a fine early this year.

As the French Highest Court has still to decide about this, Wikimedia, the parent company of Wikipedia, filed a petition in order to take part in the case and support Google France regarding the ongoing dispute about implementation of the “right to be forgotten”. Wikimedia’s legal counsel said in a statement that “no single nation should attempt to control what information the entire world may access”. Furthermore, she added that the application of the right to be forgotten involves the disappearance of several Wikimedia websites, which has an impact on the availability of knowledge.

Not only in France, but also in other jurisdictions is Google facing similar processes regarding the application of the right to be forgotten.