On January 10, 2019, Advocate General Szpunar of the Court of Justice of the European Union (CJEU) released his opinion regarding a 2016 enforcement action carried out by the French Supervisory Authority (CNIL) against Google.  In that case, the CNIL ordered Google to de-reference links to webpages containing personal data.  According to the CNIL, the de-referencing had to be effective worldwide.  Google challenged the CNIL’s decision before the French administrative court, which then referred this matter to the CJEU.

In his opinion, Advocate General Szpunar disagrees with the CNIL’s view on a worldwide application of the “right to be forgotten.”  According to Szpunar, the EU Charter’s right to data protection must be balanced against other Charter rights, such as the right of access to information.  These rights must be applied with a territorial link to the EU, and cannot be broadly interpreted to apply across the whole world.  To that end, Spuznar emphasizes that EU regulators cannot reasonably be expected to make this balancing test for the entire world.  Moreover, a worldwide application of the de-referencing obligation would send a “fatal signal” to third countries eager to limit access to information.  It could lead to a race to the bottom at the expense of freedom of information in the EU and worldwide.  This does not mean that EU data protection law can never have an extra-territorial dimension, but not in this case.

While a worldwide obligation to de-reference is not desirable, Szpunar does believe that Google should be required to make every effort to de-reference the relevant links across the EU (and not just in France).  This includes by means of “geo-blocking”, irrespective of the search engine domain used – i.e., a user of Google.com, Google.fr or Google.de should not see the relevant links if it can be established that the user is in the EU (for example, on the basis of the user’s IP address).

The opinion of the Advocate General will now be considered by the CJEU, who is expected to render a decision in a couple of months.  The CJEU often follows the general analysis of the Advocate General.

Photo of Kristof Van Quathem Kristof Van Quathem

Kristof Van Quathem advises clients on data protection, data security and cybercrime matters in various sectors, and in particular in the pharmaceutical and information technology sector. Kristof has been specializing in this area for over fifteen years and covers the entire spectrum of…

Kristof Van Quathem advises clients on data protection, data security and cybercrime matters in various sectors, and in particular in the pharmaceutical and information technology sector. Kristof has been specializing in this area for over fifteen years and covers the entire spectrum of advising clients on government affairs strategies concerning the lawmaking, to compliance advice on the adopted laws regulations and guidelines, and the representation of clients in non-contentious and contentious matters before data protection authorities.