Article Lead Image

Google must extend ‘right to be forgotten’ deletions to its entire network

Google has warned that spreading 'right to be forgotten' further could have a chilling effect online.

 

Eric Geller

Tech

Posted on Sep 21, 2015   Updated on May 27, 2021, 10:53 pm CDT

Google cannot restrict its compliance with a major European privacy requirement to its European-language domains, a French privacy regulator has ruled.

European citizens can request that Google delete old and damaging information about them under Europe’s so-called “right to be forgotten.” But as Google has complied with these requests, it has only deleted search results on its European domains, like google.fr and google.es.

On Monday, the Commission Nationale de l’Informatique et des Libertés (CNIL), France’s data protection regulator, ruled that Google’s regional deletions were insufficient. To fully comply with the European privacy scheme, it found, Google had to delete applicable search results from google.com and other non-European versions of its site.

“Geographical extensions are only paths giving access to the processing operation,” the CNIL said in a statement. “Once delisting is accepted by the search engine, it must be implemented on all extensions, in accordance with the judgment of the [European Court of Justice].”

The ECJ declared the “right to be forgotten” to be binding European law in May 2014. A year later, the CNIL ordered Google to change how it complied with RTBF requests, but the company resisted the move, calling it “a troubling development that risks serious chilling effects on the Web.”

“If the CNIL’s proposed approach were to be embraced as the standard for Internet regulation, we would find ourselves in a race to the bottom,” Peter Fleischer, Google’s global privacy counsel, wrote at the time. “In the end, the Internet would only be as free as the world’s least free place.”

The CNIL rejected that argument. It pointed out that not deleting information covered by the ECJ’s ruling on all domains would allow Europeans’ privacy rights to be “easily circumvented” by changing the version of Google that one visited.

“This would equate [to] stripping away the efficiency of this right,” the CNIL said, “and applying variable rights to individuals depending on the internet [sic] user who queries the search engine and not on the data subject.”

In the wake of the landmark European court ruling, U.S. regulators face pressure from privacy groups to extend that right to American citizens. Consumer Watchdog is now pushing the Federal Trade Commission to make Google comply with Americans’ RTBF requests.

H/T Ars Technica | Photo via Nathan Hughes Hamilton/Flickr (CC BY SA 2.0) | Remix by Jason Reed

Share this article
*First Published: Sep 21, 2015, 1:09 pm CDT