On 26 November the Article 29 Working Party (“WP29“) issued WP225 (the “Opinion“). Part I of the Opinion provides guidance on the interpretation of the Court of Justice of the European Union ruling on Google Spain and Inc v the Spanish Data Protection Authority and Mario Costeja Gonzalez (the “Ruling“) and in part II the WP29 provides a list of common criteria that the European Regulators would take into account when considering right to be forgotten (“RTBF“) related complaints from individuals.
The Opinion is in line with the Ruling but it further elaborates on certain legal and practical aspects of it and it offers, as a result, an invaluable insight into European Regulators’ vision of the future of the RTBF.
Some of the main ‘take-aways’ are highlighted below:
One of the most controversial conclusions in the Opinion is that limiting the de-listing to the EU domains of the search engines cannot be considered sufficient to satisfactorily guarantee the rights of the data subjects and that therefore de-listing decisions should be implemented in all relevant domains, including “.com”.
The above confirms the trend of extending the application of EU privacy laws (and regulatory powers) beyond the traditional interpretation of current territorial scope rules under the Data Protection Directive and will present search engines with legal uncertainly and operational challenges.
The Opinion argues that the precedent set out by the judgment only applies to generalist search engines and not to search engines with a limited scope of action (for instance, search engines within a website).
Even though such clarification is to be welcome, where does this leave non-search engine controllers that receive right to be forgotten requests?
What will happen in practice?
In the Opinion, the WP29 advises that:
- Individuals should be able to exercise their rights using “any adequate means” and cannot be forced by search engines to use specific electronic forms or procedures.
- Search engines must follow national data protection laws when dealing with requests.
- Both search engines and individuals must provide “sufficient” explanations in their requests/decisions.
- Search engines must inform individuals that they can turn to the Regulators if they decide not to de-list the relevant materials.
- Search engines are encouraged to publish their de-listing criteria.
- Search engines should not inform users that some results to their queries have been de-listed. WP29’s preference is that this information is provided generically.
- The WP29 also advises that search engines should not inform the original publishers of the information that has been de-listed about the fact that some pages have been de-listed in response to a RTBF request.