I. Introduction
Throughout history, humans ached for a chance to make a new beginning, to forget past misgivings and be forgotten. In Greek mythology, Lethe, was the mythological ancient Greek river of the underworld which offered the opportunity to any soul to forget about its previous life, and erase the memory of its existence from the mind of anyone who knew it as well. Human nature has not changed much, since ancient times. People wish that their wrongdoings are undone, or at least forgotten, so a new form of Lethe has arisen, the right to be forgotten.
The right to be forgotten is a right in the making. Even before the Court of Justice of the European Union (CJEU) established this right in 2014, in the case Google Spain v. Agencia Espanola, Its roots can be traced back mainly to two sources: (a) article 12 of Directive 1995/46/EC on Personal Data Protection which provided that an individual has the right to delete personal data about him/her, if such information was no longer necessary; and (b) the Commission’s proposal of a pending regulation (General Data Protection Regulation), which contains an explicit reference to such a right. According to Viviane Redding , the then Vice-President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship , the regulation’s goal is to protect internet users, while at the same time to respect the rights of freedom of speech and information.
In 2014, the CJEU established the right to be forgotten in its landmark Judgment in Google Spain v. Agencia Espanola The rationale behind the establishment of such a right was this right derives from today’s reality, that we live in an era of absolute digital memory where every action of individuals is recorded. In this way a person loses control over the information which refers to him. The right to be forgotten was created to balance this unlimited access to personal information and the individual’s right to his personal data. It grants the right to individuals to erase, under certain conditions, information from search engines, even though such information was legally published and thus the right to forget and be forgotten.
The CJEU’s decision raises a number of legal and social-economic questions. For instance, is the CJEU’s rationalization entirely correct? What about the impact of the decision on the right to freedom of expression and information? Does this decision affect the freedom to conduct a business? Is the exchange of information, not important for the cohesion of a society? Is this decision a stepping stone for possible enforcement of extreme censorship on the internet by individuals?
II. Background
The Google Spain v. Agencia Espanola case dates back to 1996, when Mario Costeja Gonzalez, a Spanish citizen, failed to pay his Social Security contributions, which resulted into a property auction. The property auction was announced in a newspaper of Catalonia named Vanguardia. Eventually, the debt of M.C. Gonzalez was settled, but the article concerning the auction, which also included his name, remained on the web.
Living under these circumstances for fourteen years, M.C Gonzalez filed a complaint to the Spanish Data Protection Agency (AEPD), stating that when a user typed his name in the google search engine, links to the article of the newspaper, referring to the auction and his name, appeared.
Gonzalez emphasized in his complaint the fact that the auction against him took place 14 years ago, that now all his debts were settled, any memory of the incident was totally unnecessary and the facts completely irrelevant. In this context, he claimed that the newspaper should be forced to remove or change the article related to him from its internet site and that Google should remove the links in question from the search results.
AEPD partly accepted his claims, and declared that even though the publication of the article from Vanguardia was legally justified since it was needed in order to attract the maximum attention of potential bidders in the auction, Google had to remove the links to the article in question. This decision was based on the fact that AEPD considered the given information personal data of M.C Gonzalez which he did not desire to be known to third parties and that Google had both the responsibility and the power to protect Mr. Gonzalez when it came to the domain of the information society.
As expected, Google Inc. and its subsidiary in Spain, appealed the ruling and brought the case in front of the Spanish National High Court.
The High Court decided to pose a number of preliminary questions to CJEU concerning the interpretation of certain provisions of the Data Protection Directive and the Charter of Fundamental Rights of the European Union upon which, the Spanish laws regarding the protection of personal data are based:
- Does Google Search operation qualify as “processing data”?
- Can Google be identified as the Controller of such a procession?
- May the national data-control authority (in this case the AEPD), impose on the search engine of the “Google” that it withdraw from its indexes an item of information published by third parties, without informing the original publisher ?
- Do the controllers of the procession of data have the obligation to erase that data even if they were initially legally published?
- Does the subject of the published data have, according to the directive 95/46, the right to object or demand the erasure of information from search engines directly from the search engines when he considers that it might be prejudicial to him or he wishes it to be consigned to oblivion, even though the information in question has been lawfully published by third parties?
III. Legal Framework
The right to be forgotten was created by the CJEU, it is not a right that can be found in any European Union legislation, with the exception of the proposed Regulation. Two key legal instruments are applicable to this case and were considered by the Court; (a) Directive 95/46/EC; and (b) articles 7 and 8 of the Charter of Fundamental Rights, which deal with the right of private and family life and protection of personal data, respectively.
Article 1 of the 1995 Data Protection Directive ensured that each EU Member State has to protect the right on personal data of the EU citizens.
Article 2 defines the subject who is protected by the Data Protection directive and who are the potential violators of the rights, as contained therein. e. In this case, two definitions are important, that of the processor of personal data and that of the controller of the engine that processes them.
The Data Protection Directive defines a controller as “the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law;” As far as “processor”
shall mean: “a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller”
Article 6 of the Data Protection Directive provides the greatest safeguard that an individual may have against the processing and publication of his/her personal data, as it prevents data from being published more than necessary to complete the lawful purpose of their publication and that they must be complete and accurate by the time an internet user may track them.The CJEU interpreted article 6 and held responsible the processor of the information and not the initial publisher who legally published information.
Articles 7 and 13, contain the explicit exceptions to the prohibition of publication of personal data.
Article 14, gives the right to an individual to object to the publication of his personal data even against some information that is published according to the exceptions of Article 7.
Article 28, gives the right to an individual to file a complaint against the controller or operator of the processed information through a national committee in each member state which would allow it to erase the content.
IV. Opinion of the Advocate General
The Advocate General Niilo Jaaskinen in this case argued that even though the way “Google Search” operates is processing of personal data in the sense of Article 2(b) of Directive 95/46, he reached the following two conclusions:
(a) the internet search engine service provider cannot be considered as ‘controller’ of the processing of such personal data in the sense of Article 2(d) of Directive 95/46, with the exception of the contents of the index of its search engine, provided that the service provider does not index or archive personal data against the instructions or requests of the publisher of the web page.
(b)“The rights to erasure and blocking of data, provided for in Article 12(b), and the right to object, provided for in Article 14(a), of Directive 95/46, do not confer on the data subject a right to address himself to a search engine service provider in order to prevent indexing of the information relating to him personally, published legally on third parties’ web pages, invoking his wish that such information should not be known to internet users when he considers that it might be prejudicial to him or he wishes it to be consigned to oblivion.”
Based on the above, the Advocate General dismissed the idea that AEPD could ask from Google Spain to remove or erase any internet links which may refer to the name of Mr. Gonzalez unless the initial publication was illegal.
The Advocate’s conclusions were based on the facts that from a technical aspect Google could not be considered a controller of the search engine within the meaning of articles he 6, 7 and 8 of the Data Protection Directive, since the actual controller of the search engine, was in no condition to actually “control” whether the information gathered contained personal information.
In addition, the advocate claimed that a potential right to be forgotten was not compatible with the directive, especially with the articles 12b and 14 which need as a prerequisite for any information to be erased rectified or blocked, that the information in question is incomplete or inaccurate.
V. The CJEU’s Decision
Case C-131/12 is one of the very few cases in which the CJEU reached an opposite conclusion from that of the Advocate General.
The CJEU first established that Google’s activities, such as indexing it automatically, storing it temporarily and making it available to internet users according to a particular order of preference falls within the definition of “‘processing of personal data” in the meaning of directive 95/46and therefore, Google met the definition of a “processor.”
In that aspect the court agreed with the opinion of the advocate general who opined that : “It goes without saying that the operations described in the previous paragraphs count as ‘processing’ of the personal data on the source web pages copied, indexed, cached and displayed by the search engine. More particularly they entail collection, recording, organisation and storage of such personal data and they may entail their use, disclosure by transmission, dissemination or otherwise making available and combining of personal data in the sense of Article 2(b) of the Directive.”
The CJEU, in its analysis, reaffirmed the basic principles of the directive, which state that every person has power to control the information that refers to his/her name. The use of this information, without the initial consent of the individual concerned, is forbidden. In addition, the CJEU goes a step further and states that the right to be forgotten, as an aspect of the general right to privacy, is fundamentally superior to both the right to conduct a business and the right to information,. The only exception to this rule is when a person plays a role in the public life. In that case, the CJEU justified the publication of the information even without his consent and even if the abovementioned prerequisites are met.
In the same context it reaffirmed European legal principles such as that personal data may be collected and used only for specified, explicit, and legitimate purposes, and that processing must meet security and accuracy standards. Processing of sensitive data, such as data on race, ethnic origin, political or religious and philosophical beliefs, health or sex life is subject to stricter rules. These legal rules which have been in effect since 1995 contributed to a growing sentiment in Europe that personal data is property of an individual. This notion was first introduced in 1689 by John Locke, a philosopher of European Enlightenment era.
In accord with that, the CJEU held that an individual has the right to ask for the deletion of the link to the information concerning it, even if the information was initially legally published, given that the publication has completed its purpose.
The CJEU interpreted most of the applicable articles differently than the Advocate General. More precisely, unlike the Advocate General, the CJEU considered Google the controller of the search engine. In this manner the controller of the search engine is matched to the operator and the owner of the Search Engine.
The CJEU concluded that the controller of the processing, who publishes information as a third party, without the consent of person, has to erase that information on demand even if the information was initially legally published. The CJEU held that the controller is required to erase information, provided that certain criteria are met:
• The information no longer serves the goal of its publication;
• The information is no longer adequate and relevant;
• is excessive in relation to the purposes for which it is collected and/or further processed;
and
• The information is inaccurate or outdated.
The CJEU also raised an important aspect of the right to be forgotten, that is the issue of territoriality,. On this issue, the CJEU decided that even if the server,which processes the data, is located outside the regional jurisdiction of the court that is in third-countries, EU laws apply to it, if the operator of the search engines owns a subsidiary in the EU. This applies to any processor of data which profits from selling advertising space in an EU member state.
VI. Assessment
In general, the CJEU’s decision was well received in Europe. However, there is still strong opposition to the decision, since there is a valid fear that this may lead to a general self-censorship of internet search engines and social media.
Those in favor and those against the CJEU’s decision base their arguments on legal and moral grounds.
a. Legal Grounds
Proponents argue that the CJEU’s decision strengthens the right to be forgotten, as contained in the regulation proposed by the EU Commission, which, initially, faced strong opposition.
They also claim that the CJEU’s decision along with the Commission’s proposed Regulation which contains a distinct article on the right to be forgotten will provide more legal certainty, since it will eventually put an end to a potential series of contradicting decisions and differing interpretations of national courts of the right to be forgotten. Transposition of EU directives within the domestic legal order of the Member States often entails the possibility that the laws enacted or amended differ a little, and this could also lead to different interpretations and implementation of the right to be forgotten. .
In the same vein, proponents claim that the CJEU’s s decision is well substantiated, since the Court based its holding on the interpretation of certain articles of directive 95/46 and of the Charter of Fundamental Rights of the EU.
Proponents of the right to be forgotten also argue, that such a right, under no circumstances, equals to an internet censorship and that it successfully balances the right to privacy and the right to information and freedom of speech. They further argue, the right to be forgotten is not a right of “general eradication” of the one’s past, since the original publication, will not be deleted. The information will be deleted only from a publication which took place later and “processed” the initial information. They also claimed that the right to be forgotten in this new internet age, may eventually eradicate loop-holes concerning the personal data protection.
In addition, the right to be forgotten expands the personal data protection to the internet, an area where little or no regulation existed before. As technology evolves, it should also be followed by development of new rules in order to combat new threats. After all, such a debate always took place after new technological advancements emerged , in order to secure privacy.
The right to be forgotten may be of assistance to under aged persons, who do not have full legal rights but, do have access to the internet and the social media and they may post photos or personal information that they later regret for doing so years later . Very often, information about minors is posted, without their consent, by relatives or friends. . , ,. Thus, , minors can be protected from their own reckless and carefree nature, which in the future could cause them serious problems. When minors, become older, they will be able to delete unpleasant or harmful information added by other persons. . The right to be forgotten ensures that minors would retain control over their data.
In addition, the right to be forgotten could be of assistance to people to avoid problems in their workplace or other aspect of their life, by empowering or giving them a tool, to erase information from their past that is no longer accurate or current , and under other circumstances would be completely unknown.
On the other hand, many have argued that the legal basis of the decision is rather tenuous. This derives from a rather controversial rationale of theCJEU. All the above mentioned articles of the Data Protection Directive refer to many different smaller rights and freedoms concerning personal data protection such as right to erase complaint, quality of data and precision of the information. The court does not hesitate to use those smaller rights and freedoms of the Data Protection Directive to interpret a superior legal text such as the Charter of Fundamental Rights while, the legal theory suggests that it should have been “vice versa”. For instance, the Court puts more emphasis an individual’s right to privacy and opines that this more important than the freedom of information.
This should not be the case, since both the right of protection of personal data and the freedom of information are established in the same legal text and therefore they should have equal legal gravity.
Another issue that also raises concerns is that the CJEU’s decision directly disregards the right to conduct a business, which is also included in the Charter of Fundamental Rights. The implementation of this decision affects, not only google, but any other search engine as well, which may have to erase thousands of links on demand.
The CJEU suggested that the first issue that must be addressed by a search engine when a request for erasure is filed is to examine whether that request abides with the law.
However, this scenario is problematic in practice. Apart from the fact that this, would have as a prerequisite that any search engine would have to hold “mock trials” for each request, or have its legal advisors review each case which is not only costly but also time consuming and therefore directly interferes with the right to conduct a business, it would also result in a bureaucratic nightmare.
Reportedly, the first day after the decision was issued, google received 12.000 deletion requests. With the above given, it is only natural that any search engine company would be tempted to just accept each and every one of the requests.
Moreover the CJEU’s s decision is binding on Google only within the regional jurisdiction of the Court, which is the EU. It could be argued that it is not compatible with the principle of universal equality to information. That is not a purely legal obligation as it does not derive from any European legal text “per se”, but it derives from a non binding legal text of the United Nations Human Rights Council(UNHRC) resolution A/HRC/20/L.13 and especially from clauses one and two of that resolution. In clause one the protection of freedom of speech on the Internet is highlighted while in clause two, the UNHRC recognizes the international nature of the Internet.
Another crucial legal question that remains without an answer is whether the Right to be Forgotten could and should be inheritable. On the one hand,, recognizing personal data as property, would suggest that, personal data could and should be inherited.
The inheritance of the personal data of a deceased person and therefore the inheritance of the right to be forgotten would provide a solution to a currently evolving situation, that of digital death. The French data protection authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), has estimated that 1% of all Facebook profiles worldwide (130 million profiles) belong to a deceased person.
On the other hand the current, abovementioned exception of the right to be forgotten concerning public figures problems could occur since it is not clear whether the status of the testator also inherited to the heir. In that manner if the testator was a public figure and his/her heir is not, then using the right to be forgotten would equal to deleting history. On the other hand if the testator was not a public figure and his/her heir is, then crucial information that could affect the heir as a public figure, would be possible to delete and consign to oblivion.
Finally, the CJEU t states that only information which is out of date and irrelevant can be deleted from search machines. In such a case, what if the information at stake is not relevant or it is out of date at the time that the deletion was requested but becomes crucial at a later time? Also, what about the instances in which new information is published referring to or commenting on an old piece of information? In the first case valuable information would be difficult to retrieve, while the answer to the second question is all but known.
b. Moral Grounds
On a moral basis many view the right to be forgotten as an extension to a fundamental right of every modern legal system in one form or another, the right to a second chance.
The right to be forgotten provides the reassurance that, in a time where nothing is forgotten due to the “digital” memory, the prisoning system maintains its correctional purpose. This is a legal tradition echoed by every legal system affected by renaissance and has its roots in antiquity. The right to be forgotten ensures that the convicted after he/she completes his/her sentence will be protected, against a generally unforgiving society, under the cloak of oblivion.
In the same context, the right to be forgotten balances the scale between public persons and ordinary citizens. Forpersons, an embarrassing piece of information can be easily forgotten or lost since the information about it can possibly be refreshed every day. On the contrary, for any other individual, harmful information would be available and easy to find, forever. In essence this would deprive the individual from a fresh start.
Even though the moral arguments in favor of the right to be forgotten seem to be invincible to any possible criticism, the right to be forgotten is the proof that morality can be a double edged sword.
The right to be forgotten allows any person to essentially create a virtual reality about him/herself. As Mr. Gonzalez stated after the verdict, "Like anyone would be when you tell them they're right, I'm happy. I was fighting for the elimination of data that adversely affects people's honor, dignity (…)”. This means that the achieved goal was not, the right to form a more accurate to date life portrait, but a tool of beautification. In that manner, two murderers can ask that their names be erased from Wikipediafor their crime committed 20 years ago, but they can keep online the fact that when they were in junior high school won in a soccer contest.
In addition, the definition of the right to personal data protection as a property right raises another moral issue. By considering the personal data as personal property, one may also attribute them a monetary value, which in effect, gives the right to an individual to dispose them, as one seems fit. This would actually create a new “human” trade where anyone would be able to auction parts of him/herself. That would lead to a free trading market of memories, very personal moments etc, which could possibly belong not only to the individual but also to the person who he/she represents in the legal world. In that manner a parent could sell memories and information about its child etc., especially if the child is prodigy and becomes famous or notorious in its life.
Moreover, a connection of the protection of personal data to the property right may also cause a huge financial damage to the companies, since essentially the deletion of information would be equal to deletion of capital.
In addition, the right to be forgotten poses a serious threat to the social cohesion. The exchange of information within the boundaries of a society is critical, in order to achieve some collective goals. It is obvious, that a society where anyone could hide information on demand, would lead to a fake or artificial society and it would be something closer to a group of Robinsons Crusoes.
It would be impossible to achieve social cooperation if the availability of information is optional and is directly connected to the consent of each and every one of us.
VII. Legal Developments
Today, information travels far, almost instantly, subject to no borders, and without the individual’s knowledge and consent. A number of courts around the world, deal with cases, similar to the one reviewed and analyzed in this article and may be confronted with more cases in the future.
Some of the most striking examples follow:
European Union
In Europe the right to be forgotten, has its roots in the French law, which recognizes “le droit à l’oubli”, the right to oblivion. This right grants to a convicted criminal, who has served his time and has been rehabilitated, the right to object to the publication of information concerning his crime and incarceration. The EU right to be forgotten is an expansion of that right, not only to convicts but on the general population and on the uncharted “waters” of the internet.
Another legal development in France, which is yet to be resolved, is a decision of the French Data protection Agency. This decision requests from google to delete information from its storages worldwide, not only within the regional jurisdiction of the CJEU. Google has declined to do so, arguing that there is no legal substantiation to such a request.
In Italy, a form of the right to be forgotten was recognized in November 2004. The Garante per la Protezione dei Dati Personali, the Italian Data protection Agency recognized the “diritto all'oblio”, or the right to oblivion. The Italian Data protection Agency decided that an individual has the right to delete personal data when no longer useful to the purpose for which it was processed.
Finally, the he decision of the CJEU validated and shed new light, to the possible interpretations of the proposed regulation and it designated its utility. The proposed regulation goes a step further by reversing the burden of proof. If the regulation is approved, the company will be responsible to prove that any information remains up to date, needed and relevant. Moreover, it includes in a formal legal text the decision of the court concerning territoriality, while it forces the operator of the search engine to, inform any third party involved that the individual wishes a piece of information deleted.
Argentina
In Argentina, two women, recently won lawsuits both claiming the Right to be Forgotten. Virginia Da Cunha, an Argentinian pop star, sued Google and Yahoo to take down explicit photographs posted in the Internet. These were photographs that she consented to but did not wish to be widely published on the Internet. After Da Cunha won on appeal, the content was removed from the Internet; a query on Yahoo!’s search engine in Argentina for the material will produce no search results. Similarly, an Argentinian model for Sports Illustrated, Yesica Toscanini, demanded Yahoo, to take down photographs of her drinking at a party that had been posted on the Internet. The court “ordered Yahoo to block ‘Yesica’ searches while the two sides appealed.”
United States
In the US, the right to be forgotten was met with great skepticism. Traditionally, the views of the EU and USA on privacy differ. Where countries in Europe protect privacy as a fundamental right enshrined in the 1995 directive, and in their constitutions, and as of 2009 in the Charter of Fundamental Rights, in the United States there is no such an overarching single law but various federal and state laws which regulate special categories of data, such as financial, health data, etc. governing aspects of private life. Fine examples of that are the U.S. Privacy Act of 1974, and the Electronic Communications Privacy Act of 1986.
In addition, it appears that in the United States, freedom of expression trumps privacy. According to the First Amendment, freedom of expression is protected as a fundamental right while there is no such protection for privacy. A striking example that can enlighten us, in the way the US justice system treats internet privacy, is the case Snyder v. Millersville University, even though the trial took place prior to the case C-131/12 and proposed regulation in EU. In this case, a student was not granted her bachelor degree because of information she had published on the social media.
Nonetheless, there are voices claiming that, some sort of right to oblivion, already exists in USA legislation and that USA always was “a land which offered a second chance”. Fine examples of this notion are US bankruptcy, credit reporting and criminal law among others.It is worth noticing that concerns about the invasion of technology in private life have been expressed by the US scientific community even back at the late 19th century, when Warren and Brandeis, published in the Harvard Law Review in 1890 an article addressing the need for privacy protection from unwanted press or from public dissemination of private information created by new inventions.
VII. Concluding Remarks
Based on the CJEU’s analysis of the basic elements of the rights to be forgotten, the right to be forgotten may be defined as follows:
An individual is the owner of his personal data. If the personal data of that individual are published or processed, for no legal reason or without his consent, or for a legal reason, but the information is outdated, irrelevant, inaccurate and no longer serves the purpose of its legal publication, the subject has the right to ask the modification or the deletion of the data, even in case the original publication was legally published.
The debate about the right to be forgotten is, and probably will remain controversial ,across the world, in instances when new legislation is drafted, interpreted and enforced by courts, and as far legal theory and philosophy are concerned.
Even though in Europe the right to be forgotten originated in a pending Regulation and the 1995 directive and the rationale behind the creation of such a right by the CJEU seems reasonable at first sight, there might be some potential hazards of such a right. Apart from the difficulty to enforce such a right due to the bureaucratic and technical difficulties it entails, there are still serious legal arguments against it, as established by the court.
Finally, the judgement in Google Spain v. Agencia Espanola may open a “Pandora’s box” concerning data protection on the internet. No one may claim that internet should be a lawless place but the way that recent developments shape the form of its regulation, questions other rights and may cause damage to both society and moral principles.
The fact that, this is a problem subject to no boundaries suggests that, legal and academic society all over the world should carry out common deliberations so that a common solution might be found.
* L.L.B Candidate, University of Athens, Law school (Greece).
Lethe, the ancient Greek less known deity of Forgetfulness, often represented as a river whoever drunk from its water lost all memory and everyone who knew him/her forgot him/her as well.. Lethe, Greek mythology, Encyclopedia Britannica, http://www.britannica.com/topic/Lethe.
Case C-131/12, Ct.J.EU (Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González) available at: Check out the bluebookhttp://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d2dc30d543eebb46b73f4314b9d5db2974a717d8.e34KaxiLc3qMb40Rch0SaxuSbhn0?text=&docid=138782&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=396824
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data, 1995, O.J. (L281) 31, available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML
European Commission, Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), : http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf
European Commission, Press Release, June 22, 2010, (text of Redding speech), "internet Users Must Have Effective Control of what they Put Online and Be able to Correct, Withdraw or Delete it at will” available at http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/327.
Id. Reding noted, however, that the area of data protection and privacy "needs clarity, not
Red tape."
Supra, note 2 Case C-131/12 para. 14
Agencia Espanola de Proteccion de Datos (AEPD): AEPD is the Spanish Data Protection Agency, which, inter alia, is responsible for enforcing the he Spanish data protection legislation and reviewing applications and complaints filed by individuals., whose personal data have been violated. http://www.agpd.es/portalwebAGPD/index-iden-idphp.php.
https://illinois.edu/blog/files/25/115958/4540.jpg A photo of the publication concerning Mario Costeja Gonzalez
Supra, note 2 Case C-131/12 para. 14-20
Currently, the CJEU U is composed by 28 judges, one judge from each EU country. The court is responsible for a uniform interpretation and implementation of the EU law in all the EU countries and institutions that are bound by it. Directly, the court rules over disputes between member states and between member states and EU institutions (Council of the EU, Commission, Parliament. .). Indirectly, theCJEU, rules over preliminary questions posed by national courts. These questions must refer to the interpretation of European Union law. The CJEU’s decision is binding not only to the national court that posed the question but throughout the EU countries. European Union, Court of Justice of the European Union (CJEU) http://europa.eu/about-eu/institutions-bodies/court-justice/index_en.htm
The Charter of Fundamental Rights of the European Union is binding on all Member States and the EU institutions , Charter of Fundamental Rights of the European Union, 2012, (C 326) http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012P/TXT.
Supra note 2 judgment of the court in case C‑131/12
Id.
Id.
Id.
Id.
Id.
Supra note 4, proposal.
Supra note, 11 Charter of fundamental Rights of the EU Article 7 () Article 8 available at http://www.europarl.europa.eu/charter/pdf/text_en.pdf.
Supra, note 3 Directive 95/46ec Data protection directive art. 1, paragraph 1
Id. art 2.
Supra note3, Directive 95/46/EC, art. 2, (d).
Id, , art 2(e)
Id. art. 6.
Supra , note 2Case C‑131/12, “ (…) the controller has the task of ensuring that personal data are processed ‘fairly and lawfully’, that they are ‘collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes”
Supra note 3 Directive 95/46ec art.7
Id. art.14
Id. art. 28
The role of the Advocate General of the CJEU is very prestigious, respectful and influential. CJEU is assisted by 8 Advocates General and one of them is assigned to assist the Court in each case. The main task of an Advocate General is to offer a written opinion to the court after thorough consideration of the arguments of all parties involved, the legal framework and the facts of a case and to propose an independent, impartial legal solution. The opinion of the Advocate General, is not binding but usually the Court in its decision reaches conclusions in the same direction with the opinion of the Advocate General.
Opinion of Advocate General Jaakinsen in Case C-131/12 (Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González) paragraph 138 (3) available at: http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d2dc30d543eebb46b73f4314b9d5db2974a717d8.e34KaxiLc3qMb40Rch0SaxuSbhn0?text=&docid=138782&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=396824.
Id. paragraph 83.
Supra note 2: case C131/12 : Article 2(b) and (d) of Directive 95/4 6 (…) on the protection of individuals with regard to the processing of personal data and on the free movement of such data are to be interpreted as meaning that, first, the activity of a search engine consisting in finding information published or placed on the internet by third parties, indexing it automatically, storing it temporarily and, finally, making it available to internet users according to a particular order of preference must be classified as ‘processing of personal data’ within the meaning of Article 2(b) when that information contains personal data and, second, the operator of the search engine must be regarded as the ‘controller’ in respect of that processing, within the meaning of Article 2(d).
Supra note 32 Opinion of Advocate General Jaakinsen par. 75
Id. Article 12(b) and subparagraph (a) of the first paragraph of Article 14 of Directive 95/46 are to be interpreted as meaning that, when appraising the conditions for the application of those provisions, it should inter alia be examined whether the data subject has a right that the information in question relating to him personally should, at this point in time, no longer be linked to his name by a list of results displayed following a search made on the basis of his name, without it being necessary in order to find such a right that the inclusion of the information in question in that list causes prejudice to the data subject. As the data subject may, in the light of his fundamental rights under Articles 7 and 8 of the Charter, request that the information in question no longer be made available to the general public on account of its inclusion in such a list of results, those rights override, as a rule, not only the economic interest of the operator of the search engine but also the interest of the general public in having access to that information upon a search relating to the data subject’s name. However, that would not be the case if it appeared, for particular reasons, such as the role played by the data subject in public life, that the interference with his fundamental rights is justified by the preponderant interest of the general public in having, on account of its inclusion in the list of results, access to the information in question.
“Every Man has a Property in his own Person.” – John Locke, Second Treatise
Supra note 2 case C-131/12 par. 93
Id para 100 (1)
Supra note 2 case C‑131/12 para 60 available at: http://curia.europa.eu/juris/document/document.jsf?text=&docid=152065&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=401065.
See Kelly Fiveash, Facebook Tells Privacy Advocates Not To "Shoot the Messenger”: Richard Allan representative of facebook suggested that the EU approach was to "shoot the messenger," in that the "source of the content" rather than the "places where the content is shared," should be the focus of any efforts to promote privacy controls. available at http://www.theregister.co.uk/2011/03/23/facebook_shoot_messenger/
Jeffrey Rosen, The Right to Be Forgotten, The Atlantic, July-August, 2012, http://www.theatlantic.com/magazine/archive/2012/07/the-right-tobe-forgotten/309044.
See Sources of EU Law http://ec.europa.eu/ireland/about_the_eu/legal_information_and_eu_law/sources_eu_law/index_en.htm
Supra note 2 C-131/12 par 1
Supra note 5 Viviane Reding
Supra Samuel D. Warren & Louis D. Brandeis
See ALLEN SALKIN What’s in a Name? Ask Google, available at: http://www.nytimes.com/2011/11/27/fashion/google-searches-help-parents-narrow-down-baby-names.html
Supra 5 Viviane Reding
See Patricia Sanchez Abril et. al., Blurred Boundaries: Social Media Privacy and the Twenty-First-Century Employee, 49 Am. Bus. L.J. 63, 64 (2012) (“Blurred Boundaries”).
Legal status of the Charter of Fundamental rights of the EU http://www.europarl.europa.eu/atyourservice/en/displayFtu.html?ftuId=FTU_1.1.6.html.
Supra note 2 case C-131/12
Supra note 11 Charter of Fundamental Rights of the EU article 8. See also, Supra opinion of the Advocate General par. 120-125
See Google Got 12,000 Requests To Be 'Forgotten' In The Service's First Day available at: http://www.businessinsider.com/google-search-results-removal-program-12000-requests-2014-5
Id
A/HRC/20/L.13 The Promotion, Protection and Enjoyment of Human Rights on the Internet http://ap.ohchr.org/documents/alldocs.aspx?doc_id=20280
DOES THE EU DATA PROTECTION REGIME PROTECT POST-MORTEM PRIVACY AND WHAT COULD BE THE POTENTIAL ALTERNATIVES? Edina Harbinja SCRIPTed A Journal of Law, Technology & Society https://script-ed.org/wp-content/uploads/2013/04/harbinja.pdf
Lexology Digital life after death http://www.lexology.com/library/detail.aspx?g=48f0b742-fc0c-4d19-b94a-52f22c46e4ea
Supra note 2 case C-131/12
See Plato: Protagoras Dialogue 324a c : “ (…) mere retribution is for beasts and not for men”
See “EU court backs 'right to be forgotten': Google must amend results on request” available at: http://www.theguardian.com/technology/2014/may/13/right-to-be-forgotten-eu-court-google-search-results
See Peter Fleischer “The right to be forgotten, or how to edit your history” Jan. 29, 2012, http://peterfleischer.blogspot.com/2012/01/right-to-be-forgotten-or-how-to-edit.html
See John Schwartz, Two German Killers Demanding Anonymity Sue Wikipedia’s Parent, N.Y. TIMES, Nov. 12, 2009 ADD URL
Robinson Crusoes is a fairytale hero. In his story, he survives a shipwreck and is washed up at a deserted island all alone.
The right to be forgotten under European Law: a Constitutional Debate, Pere Simón Castellano Lex Electronica, vol. 16.1 (Hiver/Winter 2012)
European Commission Factsheet on the right to be Forgotten C-131/12 available at : http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_data_protection_en.pdf
Jeffrey Rosen, The Right to Be Forgotten http://www.theatlantic.com/magazine/archive/2012/07/the-right-tobe-forgotten/309044.
Robert Krulwich, Is the ‘Right to Be Forgotten’ the ‘Biggest Threat to Free Speech on the Internet’? http://www.npr.org/sections/krulwich/2012/02/23/147289169/is-the-right-to-be-forgotten-the-biggest-threat-to-free-speech-on-the-internet.
See BROOKLYN JOURNAL OF INTERNATIONAL LAW (NARROWING THE RIGHT TO BE FORGOTTEN: WHY THE EUROPEAN UNION NEEDS TO AMEND THE PROPOSED DATA PROTECTION REGULATION), Emily Shoor,January 20, 2013
PRIVACY ACT OF 1974 (2015 EDITION) https://www.justice.gov/opcl/overview-privacy-act-1974-2015-edition
Electronic Communications Privacy Act of 1986 https://www.loc.gov/law/opportunities/PDFs/ElectronicCommunicationsPrivacyAct-PL199-508.pdf
See Steven C. Bennett, The “Right to Be Forgotten”: Reconciling the EU and US Perspectives, 30 BERKLEY J. INT’LL http://scholarship.law.berkeley.edu/cgi/viewcontent.cgi?article=1429&context=bjil
See Franz Werro, The Right to Inform v. the Right to Be Forgotten: “A Transatlantic Clash”GEORGETOWN UNIVERSITY Center for Transnational Legal Studies Colloquiumhttp://poseidon01.ssrn.com/delivery.php?ID=646117100022002068125120108124100104118081007014064089086095009069118091081026107108050122101118013124055091101121079102082098023074053015000069100075021100106010018046080092069107004121023098086104077102079092087122072023104117006065023019099021125&EXT=pdf
Supra note 64 NARROWING THE RIGHT TO BE FORGOTTEN: WHY THE EUROPEAN UNION NEEDS TO AMEND THE PROPOSED DATA PROTECTION REGULATION
Supra. Note 64 NARROWING THE RIGHT TO BE FORGOTTEN: WHY THE EUROPEAN UNION NEEDS TO AMEND THE PROPOSED DATA PROTECTION REGULATION
See The Right to Be Forgotten Across the Pond, Meg Leta Ambrose and Jef Ausloos 2013
Id
Supra, note 61 . Steven C. Bennett, The “Right to Be Forgotten”: Reconciling the EU and US Perspectives
Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 HARV. L. REV 1890
Id.