- Biological Inventions
- Brand Valuation
- Celebrity Rights
- Company Act
- Company Law
- Competition Law
- Constitutional Law
- Consumer Law
- Copyright Infringement
- Copyright Litigation
- Corporate Law
- Digital Media
- Digital Right Management
- Educational Conferences/ Seminar
- Environment Law Practice
- Farmer Right
- Fashion Law
- Foreign Law
- Gaming Industry
- Geographical Indication (GI)
- GIg Economy
- Hi Tech Patent Commercialisation
- Hi Tech Patent Litigation
- Intellectual Property
- Intellectual Property Protection
- IP Commercialization
- IP Licensing
- IP Litigation
- IP Practice in India
- IPAB Decisions
- IVF technique
- Khadi Industries
- labour Law
- Legal Issues
- Lex Causae
- Live-in relationships
- Lok Sabha Bill
- Marriage Act
- Media & Entertainment Law
- Member of Parliament
- Mergers & Acquisition
- News & Updates
- Non-Disclosure Agreement
- Online Gaming
- Patent Act
- Patent Commercialisation
- Patent Fess
- Patent Filing
- patent infringement
- Patent Licensing
- Patent Litigation
- Patent Marketing
- Patent Opposition
- Patent Rule Amendment
- Pharma- biotech- Patent Commercialisation
- Pharma/Biotech Patent Litigations
- Posh Act
- Protection of SMEs
- Section 3(D)
- Social Media
- Sports Law
- Stamp Duty
- Stock Exchange
- Surrogacy in India
- Telecom Law
- Trademark Infringement
- Trademark Litigation
- Traditional Knowledge
The origin of Right to be forgotten occurred in May 2009 from the European Commission’s meeting. A session on the “Is there a “fundamental right to forget? ” Was conducted. The Right to be forgotten is likewise called the right ‘to erasure.’ This right enables a person to demand the removal of his own information when this information gets insignificant to the organization. This right appears to be difficult to be enforced in light of the fact that an activity of disremembering is hard to be executed however the rule has been summoned to regard the personal privacy by deletion of inaccurate information.
The right to be forgotten is codified in the EU General Data Protection Regulation. This had made the EU to stretch out the right to be forgotten to every data processing. The GDPR gives any individual the right to request the erasure of their personal information or data when no satisfactory reason for its processing.
[Image Source: Shutterstock]
Google Spain v AEPD and Mario Costeja González
On March 5, 2010, a Spanish citizen by the name of Mario Costeja Gonzalez filed a complaint with the Spanish Authority for Personal Data Protection (AEPD), the country’s data protection agency, as well as against Google Spain and Google Inc. The man complained that a Google search auction of his foreclosed house was violating his right to privacy since the processes involving him had long since been resolved, making any mention of them improper and irrelevant. He first asked the newspaper to remove or alter the pages so that his personal information didn’t show up, and then he demanded that Google Spain or Google Inc. remove the offending content.
The AEPD denied the newspaper’s demand on the grounds that no newspaper is required to retract its articles since they were properly published at the time they were released. The lawsuit filed against Google was upheld.
By stating that every person has the opportunity to ask for the deletion of their information if it is insufficient, irrelevant or no longer relevant for those reasons given the passage of time, the European Court of Justice effectively clarifies the right to be forgotten in this case.
The case was referred to the Court of Justice of the European Union by the Spanish court putting forward the following questions: (a)Does EU’s 1995 Data Protection Directive can be applied to search engines like Google?;(b) Does EU law (the Directive) gets applied to Google Spain even though the given company’s data processing server was in the United States?;(c) Lastly, whether an individual has the right to request to remove his personal data from accessibility via a search engine i.e. the ‘right to be forgotten’.
The Court determined that search engines may process user information were doing so is necessary for the legitimate interests of the data subject or of a third party. The right has restrictions, particularly when it comes to the data subject’s fundamental rights like the right to privacy.
The Court responded to the question of whether Google Spain is subject to EU legislation (the Directive) by stating that Google Spain is a subsidiary of Google Inc., making Google Inc. a subject of the EU Directive. The legal responsibilities that web search engines like Google had under the Directive were a major source of worry. The court ruled that web search engines have the legal authority to treat personal data were doing so is essential to the data owner’s or another party’s legitimate interests. The right is subject to limitations, especially when it comes to the data subject’s fundamental rights like the right to privacy.
The court ruled that in these situations, not only does the data subject have this right, but the data controller is also required to take this information down. With this ruling, the Court recognised that while Google was under no duty to remove Mario Costeja Gonzalez’s personal information, he did reserve the right to do so.
Due to the precedent it has established for all upcoming cases, the ruling is of utmost significance. Notably, the ruling clarified the distinction between removing information from a search engine and removing it from a website. When data is released on a single website, it will have a far less effect on the right to privacy and the protection of personal data than when the same material is published on a search engine. This is mostly due to the fact that a broader audience may access data that has been published on a search engine.
The Court’s decision was based on this justification. For instance, when someone looks for someone’s information, he will undoubtedly put the person’s name into a search engine and won’t visit every page where he believes the person’s name could be referenced. As a result, the data should be deleted from the search engine for greater protection of an individual’s privacy.
The Court has said that there are restrictions on the right to privacy and the protection of personal data, such as the interest of the general public. Although this right to privacy is of utmost significance, it cannot be absolute and must be balanced fairly. The Court must evaluate the appropriate balance between the freedoms of expression and information and the right to privacy on a case-by-case basis.
The geographic application of the right to be forgotten—specifically, whether it may be applied outside of the EU—was a crucial issue that this judgement left unresolved. The landmark decision in Google v. CNIL provided a solution to this question, holding that Google is not required by EU law to implement the global right to be forgotten.
The ruling made in this case serves as a benchmark for the protection of personal information not just in Europe but also internationally. The GDPR provides strong protection for the right to be forgotten. As one of the largest data controllers of personal information, Google has now established a process enabling quick and simple access for its users to their right to be forgotten.
THREE THINGS TO LEARN FROM EUROPE’S RIGHT TO BE FORGOTTEN DECISIONS
Lesson 1: France’s Global Injunction Was Problematic
The first takeaway from this case is that France’s decision ordering Google to remove links to certain material from its search engine results globally is neither valid nor practical. To comply with Europe’s “Right to Be Forgotten”, Google agreed to put down certain offending search results from its searching database. The question which was to be dealt now was which search database. The firm laid three distinct options:
Domain-level response: This constitutes the removal of offending listings from only the country level domain, example google.fr.
Location-specific response: In this the geolocation technology is used to identify where the user is located and make sure that users in that jurisdiction (in this case, Europe) do not have access to links to the offending material.
Global takedown: This means to remove the links to the offending material worldwide.
In this case, Google started at domain-level, then was pushed to location-specific, yet the regulators insisted on a global takedown. Google initially took down the offending and targeted material from its Google.fr page but not from the google.com. After conducting an advisory meeting, it was decided to use the geolocation technologies to remove the content. But CNIL wanted a global injunction and concluded that Google should remove the offending links on all its search results.
The European privacy law has guaranteed a protection of personal data in the European Union and the global delisting would help it. But the right to the protection of personal data is not absolute in nature and therefore needs to be balanced out with other key fundamental rights. This analysis made it clear that there was no express EU authorization for the CNIL’s global order. Also, because the order does not balance privacy rights with freedom of information concerns, the court rejected it.
Lesson 2: Global Injunctions Are Not Inherently Problematic
The court left a little bit of ambiguity concerning the extra territorial regulation of the internet. While the court said that EU law does not authorise France to compel Google to remove listings globally it also does not prohibit such a practice. This means that the absenteeism of any statutory authority can be a good reason to order a global injunction, as long as they comply with balancing privacy with freedom of information.
The court was of the opinion that there was nothing wrong with global injunctions also it suggested that they are useful as remedies to far reaching internet harms.
Lesson 3: The Two Big Debates in the U.S.: Universal Injunctions and Content Moderation
The court stated how important is the strong speech regulations but at the same time how impossible is to get right on a massive platform. In the sensitive data ruling, it was held by the court that Google must take consent before processing sensitive data. This required the help of users about what was sensitive and non- consensual data sharing.
The court, in its sensitive data ruling, noted that, while Google must get consent before processing sensitive classes of data, it did not expect Google to solve this problem without some help from users about what is sensitive and non-consensual data sharing.
The Right to be forgotten holds incredible significance in the present situation yet it comes with certain constraints. It is not the right which will over rule all the other fundamental rights like the freedom of the media or the freedom of expression.
I would like to conclude that the privacy of a person holds tremendous amount of importance in today’s scenario which cannot be denied in any way.
As you’ve just read and seen, the right to be forgotten does not come with any guarantees. There are several exclusions and restrictions. Data controllers must consider factors like probability, proportion, cost, and so on. Enabling the use of the right to be forgotten is difficult and requires careful consideration of each individual instance, the impact of various technology, and any potential competing legal justifications.
Setting priorities is also important. It is obvious that more is at risk in some situations (such as unlawful processing and express permission). It is also obvious that priority should be given to data pertaining to minors. Although there are many exceptions in practise, it is important to understand the justifications for exercising the right to erasure. Some context was given to the infographic.