(June 28, 2013) The June 25, 2013, opinion of the Advocate-General of the European Court of Justice, in which he held that Internet service providers are not required to delete personal data in the absence of a legal provision so requiring, may jeopardize the future of Internet users’ rights in a draft regulation on privacy that is currently pending in the European Parliament. (Benjamin Fox, EU Court: No “Right to Be Forgotten” in Data Rules, EU OBSERVER (June 26, 2013).)
Neither the 1995 Directive on the Protection of Personal Data nor subsequent legislation on protection of privacy in the telecommunications sector contains the “right to be forgotten.” Such a right first emerged in the European Commission’s draft regulation on privacy, which was proposed in January 2012 in an effort to modernize the EU privacy rules to accord with technological advances. Under this proposed right, Internet service providers, such as Google and Facebook, would have to eliminate personal data from their websites, if requested by individuals to do so, unless there is a compelling reason to deny such a request. (Nicolaj Nielsen, EU Bill Gives Web Users “Right to Be Forgotten,” EU OBSERVER (Jan. 1, 2012).)
The facts of the case in which the issue of the “right to be forgotten” was raised involve a Spanish citizen who asked Google to delete all links pertaining to a real-estate auction that werepublished in a Spanish newspaper in 1998. The auction was the result of personal debts. (Fox, supra.)
The Advocate-General stated that a national data protection authority cannot demand that an Internet search service provider take personal data out of its index, unless it had ignored exclusion codes or was asked to update its cache memory data. A related issue that the Advocate-General considered was whether Google was acting as a “controller.” On this point, he concluded that Google did not meet the definition of a “controller” because Google was merely gathering data and therefore was not responsible for deleting any data. (Id.)
The Advocate-General also concluded that the current data protection rules “[do] not entitle a person to restrict or terminate dissemination of personal data that he considers to be harmful or contrary to his interests.” (Id.)
The opinion of the Advocate-General does not bind the Court of Justice, but it is very influential and is rarely ignored by the Court. If the Court of Justice concurs with the opinion of the Advocate-General, the Commission must make the draft regulation conform with the Court’s ruling.
The opinion was welcomed by Google spokespersonWilliam Echikson, who pointed out that holding Google accountable for eliminating legitimate information “amounts to censorship.” (Id.)