By Cedric Ryngaert and Mistale Taylor
On 24 September 2019, the Court of Justice of the EU (CJEU) rendered its judgment in Google v CNIL on the geographic scope of implementation of the right to erasure (also known as the right to be forgotten or the right to be de-referenced). The judgment has received substantial media coverage (see, e.g., here and here), but press reports have paid little attention to its legal nuances. This blogpost provides such legal analysis, and reflects on the jurisdictional aspects of the judgment,in particular on the territorial reach of decisions to de-reference search results. The post argues that the CJEU deserves credit for displaying jurisdictional reasonableness, and on that basis rejecting an obligation for search operators to de-reference search results on all versions of their search engine. However, the CJEU pays conspicuous deference to EU Member State authorities, and gives little specific guidance as to how exactly these authorities are to determine the scope of implementation of the right to erasure.
Three years ago, the European Court of Justice gave judgment in the Google Spain-case, which established the so-called ‘right to be forgotten.’ This right enables individuals to require from search engines that they remove irrelevant search results for searches on their name. Continue reading
On 31 January, the Japanese Supreme Court, for the first time in its history, handed down a decision regarding a so-called “right to be forgotten” case. The right to be forgotten—whose development the EU helped shape—entails an individual having the right to ask that a search engine remove search results linking to a specific result about him- or herself. The Japanese Supreme Court decided in favor of the search engine giant, Google, without referring to this emerging yet still contested right to be separated from one’s past online. Noteworthy, nonetheless, is that the Japanese Supreme Court laid down certain criteria with which to mandate the removal of search results. (The decision in Japanese is available here.) Continue reading
A look at the Advocate General’s opinion in Maximillian Schrems v Data Protection Commissioner.
Your average Facebook-using EU resident, whilst often being blissfully unaware of the laws that apply to his or her personal data acquired by Facebook, has probably shown some concern about privacy rights, especially since the 2013 Snowden revelations. Then a young Austrian law student, Maximillian Schrems decided to take this concern further and in 2013 lodged a complaint with the Irish Data Protection Commissioner about Facebook transferring EU residents’ personal data to the US, where, he asserted, it was insufficiently protected. The complaint was rejected, and the case went before the Irish High Court and eventually the Court of Justice of the European Union (CJEU). CJEU Advocate General Yves Bot (AG) issued an opinion on 23 September, advising the Court in how to decide upon the case. Privacy activists, including Schrems, have welcomed this opinion and commentators are now rushing to speculate what the consequences will be. Whatever the eventual outcome, the AG’s opinion is in line with recent CJEU decisions that emphasise the importance of the fundamental right to data protection over other rights, freedoms, concerns and/or interests. Continue reading