EU court rules Right To Be Forgotten doesn't apply outside member states

International sites needn't worry about European findings

The so-called Right To Be Forgotten from unflattering search results does not extend outside the EU's borders, the European Court of Justice ruled this morning.

In a 25-page judgment (PDF) the EU's top court said that the bloc's internal rules about search engine results did not apply outside its borders because there were no legal mechanisms for them to do so.

Search engines such as Google are "not required to carry out [deletion of people's names from search results] on all versions of [their] search engine," which means that international or country-specific versions of Google results are exempt from EU laws.

The ruling follows an opinion from a senior EU lawyer earlier this year which came down in Google's favour and opposed French data protection body CNIL.

CNIL, which appealed a local case it brought against Google up to the EU, had previously imposed a €100,000 fine against Google for ignoring its demands to delete search results from, the US flavour of the world's most well-known search engine.

Thirteen EU judges ruled today that "there is no obligation under EU law, for a search engine operator who grants a request for de-referencing [deletion] made by a data subject... to carry out such a de-referencing on all the versions of its search engine."

Referring to internal EU mechanisms for deleting search engine results about named people, the court ruled that "EU law does not currently provide for such cooperation instruments and mechanisms as regards the scope of a de-referencing [deletion of search results] outside the [European] Union."

The ruling will be regarded as a major blow by those who believe EU laws could form a heavyweight alternative to the largely American underpinnings of internet law today. It will be welcomed by those who oppose countries that insist their domestic laws apply outside their territorial borders.

Patrick van Eecke, global chief of law firm DLA Piper's data protection practice in Brussels, commented: "I believe that the European Court made a wise and legally correct decision by acknowledging that the European data protection rules do not rule the world. If the judges decided otherwise... this would have set a precedent for other regimes to have their rules apply outside of their territory as well."

Wikipedia's corporate owners, the Wikimedia Foundation, and Microsoft were among the parties interested in the Luxembourg lawsuit.

EU laws within EU borders

While search results in the UK will still be filtered in accordance with EU law, Britons and Google alike will be able to get around those filters.

Google's position has long been that it is criminals and politicians who mainly benefit from the RTBF, something given more weight when two convicted criminals sued Google in the High Court last year to force the deletion of search results about their dodgy pasts.

A German Pirate Party MEP, Patrick Breyer, was quick off the blocks with a canned comment, opining: "Blocking search engine references to legal content has little to do with an effective 'right to be forgotten' – all the more so when geo-blocking is used to build borders in the global internet. Instead of ineffective blocking policies, illegal content should be deleted where it is stored."

Google itself hasn't responded to The Register's invitation to tell us what it thinks about the ruling, presumably having remembered what happened when it asked London's High Court to treat its search engine as a form of journalism. Mr Justice Warby did not do that.

The full judgment can be read here (PDF) and a reasonably readable press summary is here (PDF). ®

Keep Reading

Tech Resources

How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

The State of Application Security 2020

Forrester analyzed the state of application security in 2020 and found over 75% of external attacks are attributed to web application and software exploits.

Webcast Slide Deck | Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Top 20 Private Cloud Questions Answered

Download this asset for straight answers to your top private cloud questions.

Biting the hand that feeds IT © 1998–2021