The same court ruled Tuesday that Google does not have to remove links to people’s sensitive data beyond the E.U.’s 28 member states. The case offered a lens into how and whether different jurisdictions and their courts can police the Internet. The “right to be forgotten” law also tackles evolving questions about whether people can demand that their data be removed from search engines without interfering with free speech and the public’s right to information.
In a statement Tuesday, the court said that “currently, there is no obligation under E.U. law, for a search engine operator … to carry out such a de-referencing on all the versions of its search engine."
Still, the court said that a search engine operator has to adopt measures that discourage Internet users from venturing outside the E.U. to find sensitive information.
Peter Fleischer, Google’s senior privacy counsel, said in a statement Tuesday that “since 2014, we’ve worked hard to implement the right to be forgotten in Europe, and to strike a sensible balance between people’s rights of access to information and privacy."
“It’s good to see that the Court agreed with our arguments, and we’re grateful to the independent human rights organisations, media associations and many others around the world who also presented their views to the Court,” Fleischer said.
Those who contend the rule should be extended worldwide point out that it is easy to operate outside of country-specific versions of search engines. All it takes, for example, is to hop from Google.fr to Google.com to locate information that isn’t allowed within E.U. searches.
Google, meanwhile, had the support of Microsoft, the Wikimedia Foundation (which owns Wikipedia) and the Reporters Committee for Freedom of the Press. Others argued that the case could set a dangerous precedent for more restrictive governments around the world to adopt their own means of censoring the Internet.
In the United States, members of the Federal Trade Commission have called on Congress to create a national privacy law that would regulate how large tech companies use personal data. But even those discussions are well beyond laws already on the books in Europe. Other countries, including Canada, Chile, India, Brazil and Mexico, are considering measures of their own.
Meanwhile, Google is facing pressure from E.U. regulators. In March, the governing body fined the tech giant about $1.7 billion for advertising practices that the bloc said violated antitrust laws. In 2018, the E.U.’s antitrust commission fined it $5 billion and ordered the company to change its practices around search and Web browser functions in Android phones. That fine followed a $2.7 billion penalty on Google for how it steered users toward its comparison shopping site.
Legal analysts and tech policy experts said the ruling applied appropriate limits on Europe’s influence when it comes to regulating the global Internet. Daniel Castro, vice president of the Information Technology and Innovation Foundation, said the E.U. shouldn’t be allowed to impose its own rules on other countries, and that the bloc should “seek to strike a better balance as it crafts other laws and regulations affecting the Internet.”
A different ruling would have set a precedent for other regimes around the world to have their rules implemented anywhere, said Patrick Van Eecke, global chair of the data protection practice at DLA Piper, based in Brussels.
Still, some might find Tuesday’s decision frustrating, as people can still access search results that have been scrubbed in Europe “when performing the same search on Google in New York, Shanghai or any other place in the world,” Van Eecke said.