The European Right to be Forgotten in the Context of Search Engines

Abstract

In this dissertation, the implementation of the right to be forgotten in the context of search engines throughout Europe was analysed, notably considering the CJEU case-law. The whole examination examined the balancing test which must be present when controllers of personal data deal with removal requests. In such an assessment, the contrasting rights and interests of data subjects and the general public must be weighed up in order for search engine operators, data protection authorities or judicial authorities to reach a decision regarding the suppression of information from the Internet. The CJEU recognition of search engine operators as controllers of personal data in Google Spain gave rise to some criticism regarding the public role such private companies would be playing, as opposed to what the neutrality principle proposes. Nevertheless, theses private entities possess more financial resources and availability of staff to handle such cases, which renders the Court’s decision comprehensible. Following this judgment, the right to be forgotten was codified in the General Data Protection Regulation, although some points remained undiscussed. In this sense, GC and Others addressed the general prohibition of processing sensitive data, in which the Court decided that search engine operators must act only after receiving a de-referencing request involving such types of data, not in a systematic manner. Additionally, Google v CNIL highlighted the debate concerning the extraterritorial application of EU data protection laws worldwide. In a cautious approach, the Court decided that the erasure of personal data must take place inside the European Union, however it still recognised the rare possibility of requiring a global de-indexation, although it cannot be easily foreseeable once such requirement would create endangering and unnecessary tensions between the Union and third states. Despite the impossibility of completely removing content from the digital space, some measures may suffice to prevent the access of information. In this sense, some solutions were proposed to make the application of the erasure of personal data on the Internet more effective. Accordingly, it includes expiration dates, segmentation, pseudonymisation and public-private partnerships, which, in essence, would help to minimise the current administrative burden of search engine operators, while providing more protection of personal data for Internet users as well as greater public oversight of the measures taken by private entities in implementing such right.

Description

Keywords

Citation