Today we live in a world where with the click of a button anyone can have access to your private life or a magnitude of other information. In 2014, an individual’s ability to access a wide range of personal information was called into question regarding the case of Spaniard Mario Costeja González. Mr. González successfully argued that information regarding his past financial misfortunes was no longer relevant and should be removed from the internet. The ruling was based on an EU citizen’s rights that are acknowledged in Article 7 (the respect for private and family life) and Article 8 (the protection of personal data) of the Charter of Fundamental Rights of the European Union (CFR). Thus, setting the precedent for a European Union citizen’s right to be forgotten.
What exactly does this right entail? Individuals can now hide sensitive information if the details are deemed “inadequate, irrelevant or no longer relevant, or excessive”. Google’s removal request process requires the applicant to identify their country of residence, personal information, a list of the URLs to be removed (along with a short description of each one) and attachment of legal identification. Where the request is assessed before it is approved for removal, in which Google’s removal team (made up of professors, lawyers, and government officials) weighs the individual’s right to privacy against the public’s right to know.
In 2018, the GDPR (General Data Protection Regulation) added the condition that members of the public can request (verbally or in writing) that any organization weigh in on their demands of privacy – the hitch being that they only have one month to respond. Taking away the strength behind the statement: the internet is forever.
However, this right was not established without its apparent limitations. In 2015, a French privacy regulator, CNIL (the National Commission on Informatics and Liberty), ordered Google to globally remove search results that list information that is deemed damaging or false. A demand that Google and citizens from other countries did not take lightly. Raising the question, to what extent should the right to be forgotten be applied to the rest of the world? Should the information of citizens who reside in the EU affect the access that Americans or Canadians have to that information? Instigating the discussion on the policy regarding the cross-border regulation of the internet.
“Since the legislation went into effect in 2014, Google has received approximately 845,000 requests to removed 3.3 million web addresses – 45 percent of which get removed”
Peter Fleischer, Google’s senior privacy council, stated that considering the information at hand they were attempting to establish the correct balance between an individuals’ right to access information and their right to privacy. So, where does this leave Google regarding the CNIL’s demand for them to take global action? Google argued that this legislation should not extend beyond EU citizens. Their senior officers provided the argument that if applied outside of Europe, authoritarian governments could utilize this feature to disguise human rights abuses or it could turn into a censorship tool. Hence, if European regulators and public officials obtained the power to tell Google to remove all traces of information, then it would only be a matter of time before countries such as China and Russia would take up similar demands.
Additionally, others argued that the success of the CNIL’s claim would lead to a misuse of the legislation through the creation of a legal tool that celebrities and public figures could use to hide inconvenient information that arises online.
In the end Google prevailed. The European Court of Justice ruled that countries had to individually deal with the different policies surrounding the balance between the right to privacy and the protection of an individual’s personal data. On the grounds that the right to be forgotten was not an absolute right, therefore, it had to be balanced with other fundamental rights. Allowing citizens in countries such as the United States, to hold onto their right of freedom of information in the virtual world. Consequently, Google will now use geolocation technology to identify where the user is located and make sure that the users in the relevant jurisdictions do not see the links to the offending material. Although users can still use private VPN (Virtual Private Network) accounts to work around this internet block. The European Court of Justice responded to this worry with the claim that delisting should be accompanied by measures that will effectively prevent or seriously discourage someone from being able to access results from non-EU sites.
Esta publicación contiene información de interés general y no constituye ni debe ser tomada como una opción legal o asesoramiento sobre asuntos específicos. En caso de ser necesario, deberá procurarse asesoramiento legal sobre el tema de su interés.