Google finally got some good news from Europe.
Judges at the Court of Justice of the European Union ruled Tuesday that the search giant does not have to apply some of the regions privacy standards globally, a blow to Europes efforts to export its digital rulemaking beyond the borders of the 28-country bloc.
In its decision, the Luxembourg-based court said the so-called right to be forgotten — or the ability for people based in Europe to demand that Google and others remove certain results linked to peoples names from search results — should only apply within the European Union.
“The Court concludes that, currently, there is no obligation under EU law, for a search engine operator who grants a request for de-referencing made by a data subject, as the case may be … to carry out such a de-referencing on all the versions of its search engine,” the court wrote in a statement. “However, EU law requires a search engine operator to carry out such a de-referencing on the versions of its search engine corresponding to all the Member States.”
The case pitted Frances privacy regulator against the American tech giant over how Google should apply the privacy ruling across its global digital empire.
It represented a test of how far Europe could push its own digital standards onto the rest of the world, and highlighted how powerful regulators in Brussels and national capitals have now become in deciding how the likes of data protection and competition rules are implemented across the region and beyond.
“Its a significant judgement,” said Christopher Kuner, professor of the Brussels Privacy Hub at the Vrije Universiteit Brussel. “But I dont think it will hinder the expansion of EU data protection law, it will still be influential in other countries.”
The French data protection watchdog — the Commission nationale de linformatique et des libertés, or CNIL — had said that only applying the privacy standard globally, and not just within Europe, could guarantee these links would not show up in regular Google searches in a breach of European law.
“The CNIL will fully analyze the rulings in detail in the coming days,” Frances data protection authority said after the ruling.
The agency had fined the search engine €100,000 for failing to apply the privacy standard worldwide, which the company had then appealed to Europes highest court.
“Once its accepted that something should be taken down, it should apply globally,” Gwendal Le Grand, the CNILs director of technology and innovation told POLITICO before Tuesdays ruling was published.
Google had pushed back on that view, asking Europes highest court to rule on what geographical limits, if any, should be applied to the regions right to be forgotten. The EUs privacy standard has been copied by others, notably in Russia, but has faced legal pushback elsewhere, including in the United States, over concerns about the right for people to access information online.
During a legal hearing in Luxembourg last year, the search engines lawyers had warned the judges about the harmful effects that a global ruling would have on how people could access information over the internet if Europe was allowed to extend its own privacy standards globally.
“Weve worked hard to implement the right to be forgotten in Europe, and to strike a sensible balance between peoples rights of access to information and privacy,” Peter Fleischer, Googles global privacy counsel, said in a statement. “Its good to see that the Court agreed with our arguments.”
The CNIL on Tuesday acknowledged the court went against the French watchdogs analysis on territorial scope. But “if the court does not grant dereferencing a global reach, it does say that dereferencing should be done at EU-level, and not only in the country of residence of the plaintiff,” the privacy regulator said.
In a separate, but related ruling, the judges said that search engines like Google must remove so-called sensitive data like a persons ethnicity from search results, though should balance those requests with others Read More – Source