More than a year after the European Union’s highest court ruled that Google and other search engine providers must honor certain requests to remove links to personal information appearing in search results, the consequences now threaten to spill over EU borders.

At issue is France’s insistence to apply those right-to-be-forgotten principles globally, not just within French borders. Those demands from Paris have heated up considerably over the summer. The problem for Google—and Yahoo, Microsoft, and many others in the tech industry—is that compliance with the French demands would be practically impossible to meet, and they fly in the face of American press freedoms anyway.

“The EU court’s decision is the law in Europe. It’s not the law globally,” says Craig Newman, a partner with law firm Patterson Belknap Webb & Tyler. As France tries to make the right to be forgotten a global principle, it raises the question as to the scope of the EU data protection laws, he says.

Start with a brief history of the right to be forgotten. In May 2014, the European Union Court of Justice (ECJ) ruled that the EU’s Data Protection Directive affords European citizens the “right to be forgotten,” effectively meaning they can ask search engine providers to remove from search results certain personal information about them if the information is “inadequate, irrelevant, or no longer relevant.” An exemption is allowed for information deemed to be in the public interest.

The ruling centered on a case brought by Mario Costeja González, a Spainard, against Google for refusing to remove links to a 1998 newspaper announcement of a real estate auction of his home for unpaid debt. González lodged a complaint with the Spanish Data Protection Agency, arguing that the matter had long been resolved and was irrelevant. The agency agreed with González, prompting Google to appeal to the National High Court of Spain, which sought advice from the ECJ for a preliminary ruling.

Since the ECJ ruling (González v. Google), U.S. search engine giants Google, Yahoo, and Microsoft created online forms for European citizens to request blocking certain search results. Jason Weinstein, a partner with law firm Steptoe & Johnson, says the ruling has placed Google and other search engine providers “in the unenviable position of being the privacy police.”

It also has imparted significant burdens on search engines, “because they’ve had to create an administrative system to take in these requests, act on them, and then decide whether to remove the link from its search results,” Newman says.

The search engines themselves describe a painstakingly, nuanced process. “We carefully evaluate each request with the goal of balancing the individual’s right to privacy with considerations of the public’s right to information,” says a Yahoo spokesperson.

In its transparency report, Google similarly said that it “must consider the rights of the individual as well as public interest in the content” for every request it fields. In one example, Google said it received “multiple requests from a single individual who asked us to remove 20 links to recent articles about his arrest for financial crimes committed in a professional capacity. We did not remove the pages from search results.”

“The EU court’s decision is the law in Europe. It’s not the law globally.”
Craig Newman, Partner, Patterson Belknap Webb & Tyler

To date, Google said it has evaluated for removal more than 1 million links, of which 374,218 were removed (41 percent). Facebook continues to be the top domain where Google has removed the most links, at 8,443. Yahoo and Microsoft’s Bing declined to provide data.

Global Implications

In the last two months, however, the “right to be forgotten” has threatened to create legal and enforcement hurdles for search engine providers on a global scale. This concern comes amid a formal notice that France’s data protection regulator, the CNIL, sent to Google in June ordering it to remove URLs from search results everywhere—not just European search engines. “CNIL considers that in order to be effective, delisting must be carried out on all extensions of the search engine,” the regulator said.

Google has adamantly declined to comply with CNIL’s request, which could have broader implications for other search engine providers. “This is a troubling development that risks serious chilling effects on the Web,” Peter Fleischer, global privacy counsel for Google, said in a blog post on the company’s website.

If the CNIL’s proposed approach were the standard for Internet regulation, “the Internet would only be as free as the world’s least free place,” Fleischer wrote. “We believe that no one country should have the authority to control what content someone in a second country can access.”

The basis of the EU’s ruling would not hold in the United States, where it would collide with American rights to freedom of speech and freedom of press. “U.S. law would not permit someone to erase truthful information because it’s no longer relevant, or because it’s harmful to an individual,” says Jon Neiditz, a partner in the law firm Kilpatrick Townsend & Stockton.

“It’s extremely unlikely that the right to be forgotten will be adopted as a result of action by a court or other governmental authority in the United States,” Weinstein says. “It’s more likely that the right to be forgotten could be imposed on the United States, if at all, as a practical effect of rulings in other countries.”

That is, if more and more countries follow the French lead in right-to-be-forgotten, less and less content will be visible to Internet users overall—including users in the United States.

Nonetheless, momentum continues to build—albeit slowly—among consumer advocacy groups in the United States urging adoption of the EU’s approach. In July, Consumer Watchdog, a nonprofit consumer advocacy group, formerly lodged a complaint with the Federal Trade Commission concerning Google’s “failure to offer U.S. users the ability to request the removal of search engine links from their name to information that is inadequate, irrelevant, no longer relevant, or excessive.”

GOOGLE RESPONSE

Below, Google responds to the EU's enactment of the “Right To Be Forgotten Law.”
In a landmark ruling in May 2014, the Court of Justice of the European Union (CJEU) established a "right to be forgotten", or more accurately, a “right to delist”, allowing Europeans to ask search engines to delist certain links from results they show based on searches for that person’s name. We moved rapidly to comply with the ruling from the Court. Within weeks we made it possible for people to submit removal requests, and soon after that began delisting search results.
It's now just over a year later and we’ve evaluated and processed more than a quarter of a million requests to delist links to more than one million individual web pages. Whenever a request meets the criteria set by the Court for removal (which are that the information can be deemed inadequate, irrelevant, no longer relevant or excessive, and not in the public interest) we delist it from search results for that individual’s name from all European versions of Google Search.
However, earlier this summer, France’s data protection regulator, the CNIL, sent us a formal notice ordering us to delist links not just from all European versions of Search but also from all versions globally. That means a removal request by an individual in France, if approved, would not only be removed from google.fr and other European versions of Google Search, but from all versions of Google Search around the world.
This is a troubling development that risks serious chilling effects on the web.
While the right to be forgotten may now be the law in Europe, it is not the law globally. Moreover, there are innumerable examples around the world where content that is declared illegal under the laws of one country, would be deemed legal in others: Thailand criminalizes some speech that is critical of its King, Turkey criminalizes some speech that is critical of Ataturk, and Russia outlaws some speech that is deemed to be “gay propaganda."
If the CNIL’s proposed approach were to be embraced as the standard for Internet regulation, we would find ourselves in a race to the bottom. In the end, the Internet would only be as free as the world’s least free place.
We believe that no one country should have the authority to control what content someone in a second country can access. We also believe this order is disproportionate and unnecessary, given that the overwhelming majority of French internet users—currently around 97%—access a European version of Google’s search engine like google.fr, rather than Google.com or any other version of Google.
As a matter of principle, therefore, we respectfully disagree with the CNIL’s assertion of global authority on this issue and we have asked the CNIL to withdraw its Formal Notice.
We have worked hard to strike the right balance in our implementation of the European Court’s ruling and have maintained a collaborative dialogue with the CNIL and other data protection authorities, who agree with our decisions in the majority of cases referred to them. We are committed to continuing to work with regulators in this open and transparent way.
Source: Google.

Google’s refusal to consider such removal requests “is both unfair and deceptive,” Consumer Watchdog said in its complaint, and therefore violates Section 5 of the Federal Trade Commission Act.

In response to the complaint, the Association of National Advertisers (ANA) sent a letter to the FTC urging the agency to dismiss Consumer Watchdog’s argument. “Such a rule would force American companies to edit the past under the supervision of federal regulators,” Dan Jaffe, ANA’s group executive vice president for government relations, said in a statement.

“This view is unprecedented, counterintuitive, illogical, and dangerous to free expression as U.S. speech protections under the First Amendment are far more robust than is the case under European law,” Jaffe added. “The FTC should rapidly repudiate this misguided proposal.”

Weinstein is more direct in his language: “The pending lawsuit asking the FTC to declare that Google is violating the FTC Act by not offering the right to be forgotten in the United States is absurd.”

Another important, emerging concern posed by the right to be forgotten is who ultimately has a right to decide what information gets removed and what does not, Neiditz says.

Take Russia as an example. In July, Russian President Vladimir Putin signed into law its own version of the right to be forgotten, which goes into force on Jan. 1, 2016. Similar to the EU, the law allows Russian citizens to demand removal of a search engine’s links to personal information deemed irrelevant or inadequate.

Unlike the European law, however, the Russian law extends the right to be forgotten to public figures—and, thus, potentially information in the public interest.

If the government were to start making such decisions, that could set a dangerous precedent, Neiditz says. “The right to be forgotten becomes a right of censorship.”

Topics