The European Court of Justice held on Tuesday that Google does not need to remove personal information upon request from versions of its search engine outside of the EU.
“Right to be forgotten” laws, first passed by the EU in 2014 and expanded under the General Data Protection Regulation (GDPR) in 2018, allow a person to request that personal information be removed from online databases, including search engines. Google has complied by blocking the requested information in its search results for countries in the EU but has not removed the search results elsewhere in the world. French privacy regulator Commission Nationale de L’informatique et des Libertés (CNIL) fined Google in 2016 for failing to remove requested information in all of the company’s search engines worldwide. Google appealed the fine to the EU court, arguing that the EU laws only applied to the European versions of its search engines. Google was supported by other organizations such as the Wikimedia Foundation, owner of Wikipedia, and the Reporters Committee for Freedom of the Press, who argued that a worldwide right to be forgotten could be potentially abused by governments to hide human rights abuses and unlawful conduct.
The court ultimately agreed with Google, stating that the EU law was not written to apply worldwide. It was “not apparent from the legal texts that the EU legislature … has chosen to confer a scope on the rights of individuals which would go beyond the territory of the Member States.” In addition, the GDPR provisions do not “provide for cooperation instruments and mechanisms as regards the scope of a de-referencing outside the EU,” making imposition of a worldwide ban difficult to enforce. However, the court reiterated that Google was required to obey the law for all requests for all products inside the EU, including implementing geoblocking measures to prevent blocked search results from appearing in the EU by using an international version of the search engine where the information isn’t removed.