Thursday

21st Jan 2021

Analysis

GDPR does not (yet) give right to global oblivion

  • If an EU citizen has established that his personal data should be removed, does that also apply to those accessing the internet outside the EU, like in Laos? (Photo: Jon Rawlinson)

EU citizens will see their 'right to be forgotten' online enshrined in EU law on Friday (25 May), but its effectiveness and reach will depend on a case which is still pending in front of the Court of Justice of the EU.

The general data protection regulation (GDPR), which will apply as of Friday, gives EU citizens the right to demand from companies or organisations to have their personal data removed, under certain circumstances.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

But it is not yet clear to what extent the right to have personal data erased or removed from search engine results will apply globally.

"This issue is just now pending in front of the Court of Justice: the reach, the applicability of the decisions by our data protection authorities," said a European Commission official on Wednesday, on condition of anonymity.

"We cannot apply our EU law extraterritorially. … How does it work in such a medium as internet?"

The provision in GDPR follows an earlier ruling by the Luxembourg-based EU court in 2014, which said that search engines had to remove results related to an EU citizen's name if they were "inadequate, irrelevant or no longer relevant".

However, the question is how such a right can be effectively applied in light the global nature of the internet.

The French data protection authority (DPA) was one of the most aggressive DPAs enforcing the right to be forgotten – which has since become known as 'delisting' or 'de-referencing'.

In 2016, it demanded that Google not only delist information from French citizens from the search engine's French version Google.fr, but also from Google.com and other non-French domain names - which, because of the global nature of internet, are available to French users too.

Google disagreed.

Last year, France's highest administrative court, the Council of State asked the Court of Justice of the EU for advice.

It asked if the right to be forgotten also requires a search engine to remove data from its domain services outside the EU.

The Council of State also asked if a company should use geo-blocking to comply with the right to be forgotten.

Geo-blocking is a technique via which a website checks the geographical location of the user requesting a page and blocks users from certain geographical areas.

This approach could lead to removed information still remaining available to users outside the EU.

That might not necessarily be a bad thing.

There is a tension between the right to be forgotten and human rights, in particular freedom of expression and freedom of information.

One unintended consequence of a rigid global application of the right to be forgotten could be a stifling effect on freedom of speech in the rest of the world.

However, geo-blocking is not foolproof and there are ways to circumvent it.

Feature

Nine lines that changed history - at least on the internet

Google has removed 800,000 search results across the EU following complaints from citizens, without the public knowing what has been removed, why it was removed or who complained. We revisit the case that rewrote history online.

EU sides with Google in data protection case

The European Commission suggests the French data protection watchdog overstretched its remit to make Google delist names on a global scale from search query results, as part of the 'right to be forgotten' rule in the EU's data protection regulation.

GDPR - a global 'gold standard'?

The new EU privacy rules are touted as a global 'gold standard' - but Mexico's former data commissioner warns some nations are far from ready.

News in Brief

  1. Brexit prompted finance exodus from UK to France
  2. Italian PM Conte wins confidence vote in Senate
  3. Borrell washes hands of EU's Venezuela policy
  4. Russia backs Greece in eastern Mediterranean dispute
  5. 'Ski-holiday' Switzerland reaches new infection high
  6. Germany extends lockdown, others expected to follow
  7. Barnier to be Brexit special adviser to von der Leyen
  8. EU commisioner to visit Bosnia's Lipa migrant camp

Are EU data watchdogs staffed for GDPR?

The success of the new general data protection regulation (GDPR) will depend on whether data protection authorities enforce the new rules - which, in turn, will be at least partly determined by how many people they employ.

Eight countries to miss EU data protection deadline

The EU starts enforcing its general data protection regulation on 25 May - but Belgium, Bulgaria, Cyprus, Czech Republic, Greece, Hungary, Lithuania and Slovenia won't be ready. The delay will cause legal uncertainty.

Stakeholders' Highlights

  1. UNESDAEU Code of Conduct can showcase PPPs delivering healthier more sustainable society
  2. CESIKlaus Heeger and Romain Wolff re-elected Secretary General and President of independent trade unions in Europe (CESI)
  3. Nordic Council of MinistersWomen benefit in the digitalised labour market
  4. Nordic Council of MinistersReport: The prevalence of men who use internet forums characterised by misogyny
  5. Nordic Council of MinistersJoin the Nordic climate debate on 17 November!
  6. UNESDAMaking healthier diets the easy choice

Latest News

  1. MEPs call to halt Russia pipeline over Navalny arrest
  2. EU targets vaccinating 70% of adults by summer
  3. Portugal pushes to start delayed 'future EU' conference
  4. EU Parliament pressing for inquiry into Frontex
  5. Untapped potential of the single market could boost European recovery
  6. Biden's 'Age of Aquarius'? Mars and Venus will clash over China
  7. The new dimension of 'ever-closer union'
  8. What do new CDU chief's pro-Russia views mean for Europe?

Join EUobserver

Support quality EU news

Join us