EU Court Of Justice Advocate General: No Right To Be Forgotten; Google Not Responsible For What It Finds
from the getting-it-right dept
For years, we’ve discussed the very troubling concept, supported by many in Europe, of a right to be forgotten, which would allow someone to require that internet sites scrub any evidence of truthful historical events — such as a criminal conviction — if those events are embarrassing. If you believe in basic free speech rights, such a concept should be horrifying to you. Last year, we noted that a report put out by a European committee noted that it was basically technically impossible to really enforce a right to be forgotten, but the concept is still being widely pushed.
In a key lawsuit in Europe that alleges there already is such a right, and that Google needs to somehow scrub links to information that someone finds embarrassing, the advocate-general of the European Court of Justice, Niilo Jaaskinen, has stated clearly that there is no such right under European data and privacy laws and that the courts cannot require Google to remove links under such a claim. Specifically, Jaaskinen looked at the data protection directive in the EU and found:
…the Directive does not establish a general ‘right to be forgotten’. Such a right cannot therefore be invoked against search engine service providers on the basis of the Directive, even when it is interpreted in accordance with the Charter of Fundamental Rights of the European Union.
The rights to rectification, erasure and blocking of data provided in the Directive concern data whose processing does not comply with the provisions of the Directive, in particular because of the incomplete or inaccurate nature of the data. This does not seem to be the case in the current proceedings
Basically, there’s a right to fix misleading or incorrect data, not data that is accurate that you just don’t like.
Perhaps more importantly, the filing notes that it’s also ridiculous to blame a search engine for finding content that others posted, since the search engine is not responsible for that content. In other words, basic concepts of protection from secondary liability should apply:
In effect, provision of an information location tool does not imply any control over the content included on third party web pages. It does not even enable the internet search engine provider to distinguish between personal data in the sense of the Directive, which relates to an identifiable living natural person, and other data. In his opinion, the internet search engine provider cannot in law or in fact fulfil the obligations of the controller provided in the Directive in relation to personal data on source web pages hosted on third party servers.
Therefore, a national data protection authority cannot require an internet search engine service provider to withdraw information from its index except in cases where this service provider has not complied with the exclusion codes4 or where a request emanating from a website regarding an update of cache memory has not been complied with.
Of course, this is just the advocate-general’s position, and the ECJ could decide to rule otherwise, but it appears to often pay close attention to what the advocate-general submits to the court. Hopefully the court’s eventual ruling agrees with this common sense approach, and doesn’t create a bogus right to be forgotten and then, even worse, puts the liability on third parties for enforcing it.