No Europe, Google does not have to delete all your personal data

EU court did not create true right to be forgotten, experts said at a forum

A Google representative confirmed on Thursday that the so-called European right to be forgotten will not apply to the domain, nor for that matter to country-specific Google domains outside of Europe.This means that, in practice, query results the company stops showing on its European domains will still turn up on its other sites, including its main one.The comments, made at a forum in Brussels on Thursday by Marisa Jimenez, Google's privacy policy counsel, provoked disbelief. The domain was not targeted at the EU in general, she said. The comments come following widespread media speculation that a May 13 ruling by the European Court of Justice created this new right to be forgotten.However, experts from the European Commission and the European Data Protection Supervisor were at pains this week to point out that the court was simply applying the current Data Protection Directive to a search engine.The ECJ was asked by Spanish courts to rule on a case involving Costeja González, a 58-year-old lawyer, who claimed that Google was directing people to outdated and irrelevant information about him, specifically a 10-year-old Spanish newspaper notice about a mortgage foreclosure against him.The court decided that a search engine, in this case Google, did constitute a data controller and as such was subject to the 1995 law. Google was ordered to remove the links.Jimenez said on Thursday that the company had been very surprised by the ruling, particularly as it went against the advice of the ECJ's advocate general. However, she added that extrapolating the ruling to mean that the Internet can somehow "forget" was wrong.Joe McNamee, from the European Digital Rights group, EDRi, concurred. "There is no real right to be forgotten," he said at the forum. "The information is still indexed, it's just that a search involving a person's name will not call it up. Users can still find the information using other search terms."He added that he did not believe the ruling would have a huge practical impact. Google has so-far received 41,000 requests to remove links to information, but McNamee pointed out that this is not a huge number compared with the EU's 500 million citizens. However, he said that the principle of a private company making decisions about the balance between the right to privacy and public interest or freedom of expression, was completely wrong. "No private company should be making these decisions," he said.Jimenez said that "the vast majority of cases" have to do with newspapers and legal cases, so it is not easy." She added that everyone who fills in the webform requesting a link be removed would get an acknowledgement.She said there had been quite a few requests from former politicians requesting that links to newspaper articles be removed. However in the ruling, the ECJ made clear that any right to be forgotten must be balanced against the the interests of the public having access to that information. "The role the person requesting the deletion plays in public life might also be relevant," reads a European Commission statement.There have also been requests from individuals offering services such as painting and decorating to have links to comments about their work removed prompting speculation that the ruling could have broad implications for review sites."We are getting a lot of questions from all sectors," said Christopher Kuner, a partner at Wilson Sonsini Goodrich & Rosati law firm in Brussels. "In some cases the ruling clearly doesn't apply, but there is a very broad grey area. It is certainly about much more than just Internet search engines."Meanwhile Google had been criticized by the Hamburg data protection commissioner, Johannes Caspar, for requesting proof of identity from individuals asking for links to be removed. But Jimenez said on Thursday that there was no requirement for photo ID unless it was in relation to requests to remove image links.

Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to

Join the CSO newsletter!

Error: Please check your email address.

Tags Googleregulationsecuritylegislationgovernmentprivacy

More about EUEuropean CommissionGoogle

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jennifer Baker

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place