Tagged: Google

The territorial reach of the “right to be forgotten”: think locally, but act globally?

By Brendan Van Alsenoy and Marieke Koekkoek

In May of this year, the Court of Justice of the European Union (CJEU) decided that individuals can ask Google to stop referring to certain information about them, as discussed previously on this blog. The CJEU’s recognition of this so-called “right to be forgotten” has kicked up quite a storm. Now that the dust is beginning to settle, it is time to direct our attention to questions of practical implementation. One set of questions is about territorial reach. How far should the right to be forgotten extend, geographically speaking? Should Google, upon finding that an individual’s request is justified, modify its search results globally? Or should it only modify search results shown within the EU?And if so, how useful or effective is this right to be forgotten then?

Continue reading

Rising like a Phoenix: The ‘Right to be Forgotten’ before the ECJ

By Orla Lynskey

Judgment of the Court (Grand Chamber) in C-131/12 Google Spain v AEPD and Mario Costeja Gonzalez

 When Advocate General Jääskinen delivered his Opinion in the Google Spain case in June of last year (as commented upon on this blog here), it seemed to many (myself included) that it was the last nail in the coffin of the controversial ‘right to be forgotten’ provided for in the EU’s Proposed Data Protection Regulation. The judgment of the Grand Chamber of the Court of Justice delivered this morning in this case would however indicate otherwise. Indeed, it seems to follow from the judgment, which comes down decisively in favour of data protection and privacy when balanced with freedom of expression, that a ‘right to be forgotten’ already exists in the EU data protection regime in all but name only. For an assessment of the implications of this case, skip right to the bottom of this lengthy post!

Continue reading

Walking the Data Protection Tightrope: The Google Privacy Policy Investigations

On 2 April 2013, Data Protection Authorities (DPAs) in six EU Member States (France, Germany, Italy, the Netherlands, Spain and the United Kingdom) announced the launch of an official investigation regarding the compliance of Google’s revamped privacy policy with national data protection rules.

This announcement came over one year after the EU’s advisory body on data protection – the Article 29 Working Party – first contacted Google regarding the changes to its privacy policy which came into force on 1 March 2012. Since this first contact, Google formally responded to two questionnaires sent on behalf of the Article 29 Working Party and based on its responses, the Working Party sent Google a letter attaching its main findings and recommendations in October of last year.

Google’s new privacy policy effectively merges the individual privacy policies which were previously in place for Google services. Therefore, rather than having separate privacy policies for services such as Gmail, Google +, Google Maps and YouTube, users of Google services can now access one comprehensive document outlining Google’s privacy policy for all services. ‘Sounds wonderful’ you may be thinking: however, not so, according to national DPAs in the EU. This amalgamated privacy policy may be problematic from a data protection perspective for two (overlapping) reasons: its alleged lack of transparency and the data pooling it facilitates. Continue reading