IAPP-GDPR Web Banners-300x250-FINAL

It’s been almost a week since the Court of Justice of the EU made history by ruling Google would have to provide its users, in specific circumstances, with the option of having links to information about them deleted. As my colleague Jedidiah Bracy, CIPP/US, CIPP/E, noted in his initial report on the decision on May 13, “An individual’s fundamental rights, the court also ruled, override ‘the economic interest of the operator of the search engine but also the interest of the general public’ in having that information. The exception would be the role played by the subject in public life and if the general public’s right to access the information is justified.”

In the days since, publications from across the globe featured headline after headline on the implications of this decision and the questions that remain.

A USA Today feature from Friday evening, May 16, quotes IAPP Europe Managing Director Rita Di Antonio, CIPP/E, who responded to the question of how the requirement will be put into practice.

"That's the question that everybody is asking themselves at this point," she told USA Today.

The article also quotes a statement from Google that “this is logistically complicated—not least because of the many languages involved and the need for careful review. As soon as we have thought through exactly how this will work, which may take several weeks, we will let our users know.”

Three days later, BloombergBusinessweek reported French data protection authority (DPA), the CNIL, indicated “more citizens are asking for help getting their personal information removed from search engines,” with CNIL President Isabelle Falque-Pierrotin commenting on how EU DPAs will enforce the ruling.

Amidst reports of some 1,000 takedown requests in the first days following the ruling, PC World reports, “In order to deal with these requests Google plans to release an online tool to implement a procedure for a right to be forgotten, or rather for the right not to be found, said Johannes Caspar, Hamburg’s Commissioner for Data Protection. The system will include an authentication mechanism to prevent unauthorized takedown requests, he added."

The report notes a Google spokesman would not comment on how the system would work, and highlights reactions from various EU DPAs.

Falque-Pierrotin is quoted by Bloomberg as saying, “The idea that companies like Google are too powerful to respect European rules—we’ve proven that idea wrong. It’s prompting citizen reactions.”

In an op-ed for The Guardian, however, Mark Stephens of the Global Network Initiative shares a very different perspective on the implications of the ruling.

“Last week's judgment by the European court of justice allowing anyone to demand that a search engine should remove unwanted information from its index—even if it is accurate, lawful and publicly available elsewhere—is a dangerous step in the wrong direction,” he writes, adding, “Since the ruling an ex-politician seeking re-election, a man convicted of possessing child abuse images and a doctor seeking to remove negative reviews from patients, are reported to be among the first to send takedown notices to Google. Privacy is a universal right that must be protected, but this overreaching judgment is far more likely to aid the powerful in attempts to rewrite history, than afford individuals more influence over their online identities.”

Prof. John Naughton, author of From Gutenberg to Zuckerberg: What You Really Need to Know About the Internet, writes for The Guardian on the question, “So, is the judgment the thin edge of a censorship wedge?” He continues, “We'll have to see how it pans out. After all, the ruling does not preclude anyone from publishing anything on a website (subject to the usual restrictions about libel, hate speech, Holocaust denial, etc.): It just makes that information harder to find. Why? Because if Google can't (or chooses not to) find a website, then for practical purposes that website doesn't exist.”

And a Forbes report takes a look at the clash between this “right to be forgotten” or “right not to be found,” as some are calling it, and the “right to know” in the U.S. In the report, journalist Daniel Fisher asks, "Will it create yet another World Wide Web, censored, like in China, to protect users from knowing too much? Or will it prove unworkable, as did Europe’s generally toothless regulations on the long-term storage of personal data?”

Meanwhile, Zeynep Tufekci writes for Medium on another potential ramification of the ruling, questioning, “Is there a right to forget a genocide? Or at least the ethnic divisions upon which a society fractured and bled? It may seem like an extreme jump, from drunken adolescent photos to genocide and ethnic cleansing, but the shape, and filters, of a society’s memory is always more than just about individual embarrassment or advancement. What we know about people, and how easily we can identify or classify them, is consequential far beyond jobs and dates, and in some contexts may make the difference between life and death.”

Without question, the questions around this decision and its implications are not going away.

Editor’s Note: The IAPP will host a web conference, “The European Court of Justice Google DecisionWhat Will the Impacts Be?” on Friday, May 30, to delve deeper into the ramifications of the decision and its implications going forward. The expert panel will include National Constitution Center President and CEO and George Washington University Law Prof. Jeffrey Rosen, European University Institute and University of Bologna Professor of Legal Informatics and Legal Theory Giovanni Sartor and Hogan Lovells Partner and Global Privacy Practice Head Christopher Wolf.

Written By

Jennifer Saunders, CIPP/US


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»