Right to be Forgotten

Subscribe to Right to be Forgotten via RSS

Co-authored by Geoffrey Roche

On March 10, 2016, the French data protection agency (« CNIL ») pronounced a €100.000 ($111,715) fine against Google Inc. for failure to comply with its formal injunction of May, 2015 ordering the company to extend delisting to all the search engine’s extensions.

After nearly four years of negotiation and wrangling, European Officials announced yesterday that they had finally reached agreement on the language for the EU’s new General Data Protection Regulation (“Regulation), which will replace the aging 1995 Data Protection Directive (“Directive”).

In many ways, the announcement is welcome news as it

In an expected but controversial move, Google has rejected a demand by the French Data Privacy authority CNIL to apply the European “Right to be Forgotten” worldwide.

We have covered the E.U.’s Right to be Forgotten before, but here is a quick recap: under the E.U. rule, individuals have the right to require organizations that control personal data about them (“data controllers”) to delete all such data and abstain from further disseminating it. A data controller is required to act on an individual’s request to delete their personal data without delay unless they have a legitimate reason for not doing so. A series of European Court rulings established that search engines such as Google qualify as “data controllers,” and that search engines can be required to “delist” links to content as a means of preventing that content from being disseminated. Most surprising however, is the suggestion in these rulings that Google can be required to delist links from all Google domains, not just from domains in the E.U. or in specific E.U. countries.