The ‘Right to Be Forgotten’ ruling allows European citizens to request information they consider to be old, inaccurate or misleading to be removed from Google search result pages for specific terms. For instance, Google would delink a successful applicant’s personal information for specific search terms (usually their name), even though it would remain available at the original source. Applicants can be rejected if the information is considered to be of public interest.
To streamline this process, Google provides European users with a web form where they can submit their requests and exercise their ‘right to be forgotten’. I covered the original landmark ruling and outlined the initial impact for businesses last summer for our Insights blog. So, what happened after the decree took full effect?
Since the European Court of Justice (ECJ) approved the RTBF, the following websites saw the most URL removals:
Google’s Transparency Report shares information about RTBF’s impact.
As expected, websites that hold and display information about individuals took the worst hit, with Facebook right at the top. Although Google is an American company, they had to comply with the European ruling for their assets spread across the continent. After the launch of Google’s application to manage European requests, all seemed to be under control, despite the occasional debate between free speech and privacy advocates.
But, a recent uproar has dominated the digital headlines. The French regulator, Commission nationale de l'informatique et des libertés (CNIL), sent a formal notice to Google, ordering the RTBF ruling to be applied for European citizens, on extensions of the search engine across the globe. Here, I explore the complaint, reaction and potential impact.
Behind the French Complaint
If approved by Google, a European individual’s information would be removed from search engine results from local domains only. For instance, a successful French citizen’s troublesome pages would no longer be visible on European domains, including google.co.uk and google.fr. However, their information would still be visible on search results returned by google.com, which Google considers as an American domain (although the domain is easily accessible by anyone from Europe).
Because of this, some European data protection regulators were left unimpressed with the power of the ruling. After all, if URLs can only be delisted from country-specific versions of Google, then how effective can the RTFB ruling really be for Europeans who are legally entitled to the ruling?
This question prompted the French CNIL to send a formal 15-day notice to Google HQ this summer, ordering the delisting process to be applied across all domains, on a global scale.
Google Says Non
Of course, the complaint is surrounded by controversy. Some believe the global extension is simply unnecessary, given the majority of European Google searches use the country-specific version of their site. From hunting through the source code of a recent Google report, The Guardian even discovered over 99% of successful requests removed private, personal details; not the sensational categories (including serious crime, political or public figures) deemed in the public interest by publications.
Google’s Global Privacy Counsel, Pete Fleischer provided more detail about their reaction in a recent blog post. Although the RTBF ruling is now a law in Europe, it is not the law globally. He argues there are plenty of cases where content is deemed illegal in one country, but is perfectly legal in another. For example, any content relevant to particular songs by various artists such as Katy Perry and Lady Gaga have been blacklisted by the Chinese Government, and eradicated across their web – but clearly not here. This could have extreme consequences, given Fleischer’s references to country-specific restriction of ‘propaganda’.
“If the CNIL’s proposed approach were to be embraced as the standard for Internet regulation, we would find ourselves in a race to the bottom,” Peter Fleischer posted. “In the end, the Internet would only be as free as the world’s least free place.”
Overall, a Google spokesperson has diplomatically declined to conform to demands of the French.
“…As a matter of principle, we respectfully disagree with the idea that a national data protection authority can assert global authority to control the content that people can access around the world.”
Next, the French CNIL could move their complaint to the European courts. This leaves digital commentators to speculate on the potential consequences of either decision. After all, the debate isn’t an easy one to resolve, with layers of potential complication building on the original ruling. Most would defend individuals’ right to privacy, and disguising sensitive personal information, But deciding whether a subject is of public interest on a global scale is a different story – and should Google really be in charge?
Personally, I find the global expansion of the RTBF ruling completely unnecessary, as there are other ways of managing privacy, which will not conflict with freedom of speech. Allowing the ruling to spread globally will only make more room for animosity to accumulate between different nations - after all, no one nation is the same. The ruling could easily spiral out of control in the future where we see countries taking advantage of it by using it for false purposes such as forcing content restrictions beyond the subject of privacy.