Google Ruled Responsible for Privacy in Search
In a decision that may have wide reaching consequences the European Court of Justice has ruled that search engines should be held responsible for the protection of personal data in search results, even if the data concerned is legally available elsewhere.
The decision relates to a case first brought in Spain in 2010. Mr Costeja González, a Spanish citizen brought a complaint against Google Spain and a national newspaper. The complaint centred around the fact that information about debts owed by Mr Costeja González published 16 years earlier by the newspaper was out of date – and therefore under current data protection rules, should no longer be made available on the newspaper’s website, or via Google’s search results. Mr Costeja González’s requests for the content to be removed both by the newspaper and Google were originally refused by both parties.
He then complained to the Spanish Data Protection Authority, the Agencia Española de Protección de Datos (AEPD). They came to the conclusion that the newspaper pages had been lawfully published in 1998, and therefore there was no requirement to now alter them.
However, in further indexing the newspaper pages, and displaying them in search results based on a query on Mr Costeja González’s name, the AEPD decided that Google was responsible for further and continued processing of the data – which was now inaccurate. Therefore it decided that Google should respond to the request to remove the pages from its search results.
The European Courts of Justice have now upheld that decision.
What this means is that when searches are performed based on the name of an individual, the search engine has a legal responsibility over the results returned. In effect the individual concerned has a right to be forgotten in respect of information that is no longer accurate.
Much has been made of the ‘Right to be Forgotten’ in the proposed Data Protection Regulation that is still making its way through labyrinthine EU processes. There has been huge debate about the technological practicality of this provision, the costs it may impose, and balancing it with freedom of speech.
This decision not only highlights that this right already exists in EU law, it may prove to be a test of whether or not it can be effectively complied with. Many people will be watching to see what happens next.
January 13, 2017
Future of EU Cookie Compliance Webinar: ...
GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...View Article →
December 14, 2016
Draft EU ePrivacy Regulation Leaked...
A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...View Article →
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...
Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...View Article →