privacy
Implementing the right to erasure: the judgment of the EU Court of Justice in Google v CNIL
By Cedric Ryngaert and Mistale Taylor
On 24 September 2019, the Court of Justice of the EU (CJEU) rendered its judgment in Google v CNIL on the geographic scope of implementation of the right to erasure (also known as the right to be forgotten or the right to be de-referenced). The judgment has received substantial media coverage (see, e.g., here and here), but press reports have paid little attention to its legal nuances. This blogpost provides such legal analysis, and reflects on the jurisdictional aspects of the judgment, in particular on the territorial reach of decisions to de-reference search results. The post argues that the CJEU deserves credit for displaying jurisdictional reasonableness, and on that basis rejecting an obligation for search operators to de-reference search results on all versions of their search engine. However, the CJEU pays conspicuous deference to EU Member State authorities, and gives little specific guidance as to how exactly these authorities are to determine the scope of implementation of the right to erasure.
Read moreDutch DPA shares new data about the Right to be Forgotten
Three years ago, the European Court of Justice gave judgment in the Google Spain-case, which established the so-called ‘right to be forgotten.’ This right enables individuals to require from search engines that they remove irrelevant search results for searches on their name.
Mag de Amerikaanse justitie onze emailgegevens inkijken?
Europese gebruikers van Gmail, Hotmail en MSN zijn voorlopig veilig voor de lange arm van de Amerikaanse wet. Een Amerikaanse rechtbank besliste vorige week (14 juli 2016) dat de Amerikaanse justitie Microsoft niet kan dwingen emailgegevens over te leggen die in een Iers datacentrum waren opgeslagen. De beslissing zou echter zomaar een Pyrrusoverwinning kunnen zijn voor internationaal opererende Internetproviders en gebruikers bezorgd om hun privacy. Niet alleen kan de Amerikaanse justitie nog in beroep gaan bij het Amerikaanse Hooggerechtshof, ook kan het Amerikaanse Congres steeds een andersluidende wet aannemen. De beleidsvraag hierbij is hoe we een efficiënte bestrijding van de transnationale misdaad kunnen verzoenen met adequate gegevensbescherming en respect voor de soevereiniteit van andere landen.
Read more
Facebook, the NSA and Data Protection: not so ‘frivolous and vexatious’ anymore? [i]
A look at the Advocate General’s opinion in Maximillian Schrems v Data Protection Commissioner.
Your average Facebook-using EU resident, whilst often being blissfully unaware of the laws that apply to his or her personal data acquired by Facebook, has probably shown some concern about privacy rights, especially since the 2013 Snowden revelations. Then a young Austrian law student, Maximillian Schrems decided to take this concern further and in 2013 lodged a complaint with the Irish Data Protection Commissioner about Facebook transferring EU residents’ personal data to the US, where, he asserted, it was insufficiently protected. The complaint was rejected, and the case went before the Irish High Court and eventually the Court of Justice of the European Union (CJEU). CJEU Advocate General Yves Bot (AG) issued an opinion on 23 September, advising the Court in how to decide upon the case. Privacy activists, including Schrems, have welcomed this opinion and commentators are now rushing to speculate what the consequences will be. Whatever the eventual outcome, the AG’s opinion is in line with recent CJEU decisions that emphasise the importance of the fundamental right to data protection over other rights, freedoms, concerns and/or interests.