Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
A fortnight ago, Europe’s top court, the European Court of Justice (ECJ) ruled that Google will not be required to apply the ‘right to be forgotten’ globally. This means that search results suppressed within Europe at the request of the individual, will still be available to searches outside Europe.
Sometimes referred to as the "right to erasure", the rule gives EU citizens the power to demand data, including search links, about them be deleted.
In 2015, French national privacy regulator – CNIL – ordered Google to remove search listings linking to pages that contained false or defamatory information about individuals.
Google implemented a geo-blocking feature that would prevent people searching from within the EU from being able to access search results that had been delisted. They did not impose the same restrictions on searches outside the EU. CNIL tried to fine Google 100,000 Euros for failing to delist the search results from Google sites worldwide. Google appealed against the fine to the European Court of Justice.
Google argued they wished to ensure the right to be forgotten was enforced in the EU while also balancing individuals’ rights to access information.
The Court ruled that EU law did not require search engine operators to “carry out such a de-referencing on all the versions of its search engine.” In other words, Google would only be required to delist results from Google sites based within the EU.
History of right to be forgotten
Although it had been discussed and ruled upon in European jurisdictions to varying degrees throughout the early 2000s, the right to be forgotten from search engine results in EU law derives from the case in which Spanish man, Mario Costeja González, took Google to court in Spain in 2014. Mr González was concerned that a Google search of his name brought up a 1998 Spanish newspaper article detailing how he had been forced to sell his property to repay social security debts. In the European Court of Justice, Mr González contended that this record was no longer relevant to his life as he had paid his debts to society. He argued that having the record so readily accessible to someone who searched his name on Google put a stain on his reputation.
The European Court of Justice declared that Google must remove the man's data from their indexes. The newspaper that originally published the article was allowed to keep the story of the forced sale on their site as it had been lawfully published.
In the five years since the 2014 ECJ ruling, Google has removed more than 800,000 URLs after receiving a request for erasure. It has retained more than a million others in its index.
In 2014, Privacy Commissioner John Edwards wrote this blog on the right to be forgotten. In the blog, the Commissioner wrote that that term “right to be forgotten” is inaccurate, imprecise and impossible.” It could mean removal of content from a public source, leaving a social network and taking your data with you but it could not mean an “enforced right to be forgotten.”
When the General Data Privacy Regulation (GDPR) was passed into law in the European Union in May 2018, Article 17 outlined circumstances in which someone can exercise the right to have their data erased.
The GDPR rule
The GDPR provision sets out that data must be erased immediately in the following circumstances:
The goal of the provision is not internet censorship but rather, that it should be difficult for someone to discern personal data without substantial effort.
What does this mean for New Zealand?
Neither New Zealand’s current Privacy Act 1993 nor the Privacy Bill currently before Parliament contain an equivalent to the EU’s right to be forgotten.
The Commissioner recommended the Bill offer the right to erasure, allowing people to require a company to delete all of their personal data and halt third-party processing of that data.
Our Office will continue to monitor judgments relating to the right to be forgotten with interest.
Back