Not just one, but many ‘Rights to be Forgotten’


Geert Van Calster, European and international law, KU Leuven, Belgium, gavc@law.kuleuven.be
Alejandro Gonzalez Arreaza, Institute for international law, KU Leuven, Belgium, alejandrojose.gonzalezarreaza@kuleuven.be
Elsemiek Apers, Conseil International du Notariat Belge, Brussels, Belgium
PUBLISHED ON: 15 May 2018 DOI: 10.14763/2018.2.794

Abstract

Since being first developed through the case law of the European Court of Justice, the Right to be Forgotten (RTBF) has continued rapidly to evolve and has recently moved beyond its European borders. In recent times, RTBF has faced increasing debate and litigation, such as in Latin America. This paper focuses on the wide spectrum of interpretations RTBF has garnered across countries and data protection authorities. This paper compares relevant European or Latin American cases within each jurisdiction on the basis of four key variables. Case analysis showed that there is no unified approach to RTBF. This is especially true at the level of the defendants involved, that is, whether it involved the local subsidiary or the parent company, and whether the order of removal had local or 'global' effects, meaning the removal of content or access was addressed to a local or global domain. This last issue is paramount, since it will determine whether an order of removal would leave content available and accessible for anyone outside of the jurisdiction of the authority who orders it, or whether links to the content become inaccessible to everyone everywhere.
Citation & publishing information
Received: December 12, 2017 Reviewed: March 22, 2018 Published: May 15, 2018
Licence: Creative Commons Attribution 3.0 Germany
Competing interests: The author has declared that no competing interests exist that have influenced the text.
Keywords: Right to be forgotten
Citation: Van Calster, G. & Gonzalez Arreaza, A. & Apers, E. (2018). Not just one, but many ‘Rights to be Forgotten’. Internet Policy Review, 7(2). DOI: 10.14763/2018.2.794

Introduction:

This paper describes the wide spectrum of interpretations of calls for the Right to be Forgotten (‘RTBF’) across countries and data protection authorities (‘DPAs’). The paper does not discuss the European judgment itself, which led to the RTBF,1 or its general relation with public and private international law: this has been done elsewhere.2 Rather we compare the different ways RTBF has been decided in different jurisdictions. This comparative analysis concludes that RTBF appears to lack a clear conceptualisation, which then translates into multiple – and sometimes contradicting – approaches by domestic courts.

In our analysis of the relevant cases, we included the following nations: Belgium, The Netherlands, the United Kingdom, France, Germany, Poland, Argentina, Chile, Mexico, Colombia, Brazil, and Peru. Reviewing cases across these nations, we looked for four key variables in particular:

  1. Who is the applicant or plaintiff?
  2. Who is the defendant. In particular, which company is targeted by the case: a local subsidiary, or the parent company, or both?
  3. If removal is ordered, which domain did the ruling target? The local domain and /or the mother company’s domain (typically a .com domain)
  4. Finally, even when a court or authority orders removal, does it suggest that it can order so ‘globally’ (meaning that the content is no longer consultable for anyone accessing the domain, whether located in the country of the court or elsewhere), or does it request the defendant ensure removal from more than just the local domain name (.com in particular), however leaving consultation of that domain untouched for those consulting it outside of its jurisdiction. In the latter option, search results in other countries are not affected.

Comparing nations on the basis of these four variables, the review found that there was no unified approach to RTBF in the national courts we researched. Especially at the level of defendants that are being asked to remove search results (or to de-link search results and particular urls). To the contrary, there is a wide variety. That said, however, cases almost always involve Google.

Therefore, from this point, this research focused mainly on cases dealing with applications against or that have involved Google. A key element for these decisions was that the local subsidiary of Google was usually involved in the case. Often Google Inc (as the parent company) was co-sued. Yet even if it was, final judgments rarely identified the exact party which is being asked to remove links, with the notable exception of cases in the Dutch courts. In one of two cases where extension to the .com domain was specifically discussed (Cologne; further discussed below), it was rejected ─ an approach which in our view was also legally correct.3 In the other (Rotterdam: 2016, see below) the Dutch court stated that it did not see why the dispute should be limited to Google.nl and accompanied this view with a specific instruction to extend removal to the .com domain.

This analysis showcased the many ways RTBF has been tackled by different domestic courts. This allowed for the many issues dealing with RTBF to rise to the surface. The main contribution of this work consists of identifying the many issues and multiple solutions national courts have found to address the new challenges presented by RTBF, as well as the need for privacy and freedom of expression in the age of the internet.

Europe

First, we focus on how RTBF has been incorporated and analysed by multiple jurisdictions within the EU. At a superficial level, after the Google Spain decision in 2014, there was an explosion of cases dealing with individuals and corporations seeking to erase or delete negative information on the internet. Nonetheless, a closer review suggests that domestic courts have interpreted RTBF in widely different manners over time. A key example observed in several cases upon this research deals with the question of in which domain the information should be limited or deleted. Due to the very nature of the internet, and particularly search engines such as Google, most information could still be found even after links were being dropped from the local domain for a particular country. Over the years, there has been an increasing push to extend these RTBF applications to .com domains across the globe.

While some jurisdictions have dealt into these global vs. domestic concerns regarding the RTBF, other courts have focused more on the jurisdictional issues arising with the fact that many of these giant search engine companies are not based or incorporated in their respective jurisdictions. Still other courts have tried to make the RTBF fit their pre-Google Spain notions of data protection, typically by expanding the protective regime.

RTBF in Belgium

In Belgium there has been very little case law on the removal of data and the interpretation of Google Spain. Only one case can be found through our search of available databases. It does not involve Google as a party.

The case originated in Liège and went to the Supreme Court in April 2016. It concerned a claim against a Belgian newspaper, which had opened a new digital archive in which it stored old editions.4 An article providing full personal details could be found in this digital archive, relating to a doctor accused of drunk driving who caused a car accident many years ago. He requested that the newspaper anonymise the article. The newspaper refused. The Court of Appeal had listed many criteria which had to be fulfilled in order to give priority to the right to privacy over and freedom of the press. It found these criteria to all have been fulfilled in the case at issue. The Supreme Court later confirmed this ruling, in favour of the plaintiff.

The criteria set out required that the content had to be a description of facts; that there was no specific reason to publish the article again; that the content of the article had no historic value; that a certain amount of time needed to have passed between the first and second publication; that the person(s) involved was not a public figure; that all debts (sentence) had been paid; and that the person involved has been rehabilitated.

In this case the Court of appeal concluded that the publisher had to amend the article. The Supreme Court then confirmed that the right to be forgotten – the exact term used is somewhat of a literal translation into Dutch (‘recht op vergetelheid’) – can result in a restriction of the freedom of the press. This interpretation of the ‘RTBF’ was already applied in earlier case law, and is therefore not new after Google Spain.

In March 2014 the Court of First Instance in Brussels had already confirmed that there are three criteria that trigger the RTBF: a) the facts have to relate to a judicial matter, b) they have already been published (and now appear again), and c) it has to be shown that there is no legitimate interest in the redistribution of the facts.5

RTBF in The Netherlands

Two relevant Dutch cases have touched upon international jurisdiction. In the first (October 2015), the issue of jurisdiction was raised. However, in the end, the jurisdiction was quite easily accepted and Dutch data protection law was applied without much debate.

In one other case (Rotterdam, 2016) the court extended its ruling to the google.com domain. It argued that even if the search engine automatically redirects to a local extension when google.com is used, that is not a guarantee that a computer situated in the Netherlands will only see results provided for via google.nl. This, the court held, depends on the IP-settings of the computer, in that a user could quite easily change the virtual location of a device.

However, in other cases, the Dutch courts did not discussed the jurisdictional issues at all. Rather, they have proceeded immediately to the balancing of the right to privacy, with the right to freedom of the press, or the legitimate interests of society to access information. In some cases Google Spain was mentioned, while in others the Data Protection Directive, or national data protection law was relied upon without reference to Google Spain.

In a recent case involving a request to delete certain search results, the court in The Hague argued that Google Spain did not imply that every daughter company is responsible for content placed online by another company in the same company group. In this judgment it was held that Google Netherlands was only in the Netherlands for marketing purposes and could therefore not be held accountable for (in)action by its mother company. The claim against Google Netherlands was not further entertained. Whether this particular judgment is in line with the Google Spain case is far from certain.

RTBF in the United Kingdom

In the United Kingdom the courts have seemed more concerned with the fact that Google Inc. is a party not established within their jurisdiction. Cases against such defendants can only go ahead after the Court gives permission to ‘serve outside the jurisdiction’.

In Vidal-Hall (2014) and appeal (2015)6 the plaintiffs brought a case against Google Inc. because Google had collected data in the form of cookies, sent from the plaintiffs’ web browser, for marketing purposes, without consent of the users. The judge addressed the fact that the plaintiff was situated in California and held that the proceedings could only be served upon the defendant in California if the following conditions were met: (i) when there is a serious issue to be tried on the merits of their claims i.e. that the claims raised substantial issues of fact or law or both; (ii) that there is a good arguable case that their claims come within one of the jurisdictional 'gateways' set out in the relevant English rules (CPR PD 6B); (iii) that in all the circumstances, England is clearly or distinctly the appropriate forum for the trial of the dispute, and (iv) that in all the circumstances, the court ought to exercise its discretion to permit service of the proceedings out of the jurisdiction.

As for those jurisdictional ‘gateways’, the court decided that the matter fell under ‘tort’ in section 3.1(9) of the CPR Practice Direction 6B. This Practice Direction is a piece of procedural legislation and is as such not related to data protection.

The remainder of the case was concerned with whether the plaintiffs fulfilled the other conditions. Google pleaded none were fulfilled, the court however held that all were fulfilled. Google’s practices were found to be a misuse of private information, which was and is considered a tort under the CPR. (Of note to understand the judgment is that the traditional common law does not have a tort for invasion of ‘privacy’).

In Mosley v Google Inc. & Anor (2015)7 the plaintiff sought to have Google Inc. break the link between certain searches and the search results which lead to damaging images of him and a prostitute caught in a newspaper sting operation. The judgment applied Google Spain to rule that in Mosley too, Google was the controller of Data for the Data Protection Directive. The only review on jurisdiction came at an earlier stage when the High Court granted permission to serve the claim form on Google.

RTBF in France

In France, the national data protection agency (CNIL) held that the right to delisting could only be effective when carried out on all extensions of the search engine, not only local or EU-extensions – or .com for that matter. The CNIL was of the opinion that removal should extend to any possible extension, even though Google already ensured that when it removed certain information that was accessible on a local extension, it was no longer visible from any device located in the EU or .com.8 Judicial review against this decision is now pending at the Conseil d’Etat, which has referred the case to the European Court of Justice (where its case-number is C-136/17 - case pending at the time of writing..

RTBF in Germany

In Germany the same reasoning was used as in the Netherlands when it comes to applying national data protection law to a company which is situated outside of the EU. Even a controller without a server in Germany, may be subject to German data protection law as the data are processed on the device a person is using in Germany. This apparently is a purely academic debate as there is no jurisprudence on it (yet).9

In a case against Facebook, the courts in Hamburg ruled that German data protection law did not apply to the data processing operation necessary to give individuals access to the social network page, as this is not done by the German establishment of Facebook, but by the establishment in Dublin, Ireland. The court did not find this contradictory with Google Spain, as it treated the two cases distinctly. The court held that ‘carried out in the context of the activities’ was only to be construed broadly when the controller was established outside of the EU, not, as was the case here, inside the EU, as then the EU data protection rules would apply and thus there would be no loss of protection for the individual.10

The courts in Cologne11 specifically upheld jurisdiction in a libel case against Google.de alone, for that was the website aimed at the German market. It rejected extension of the removal order vis-à-vis Google.com, in spite of a possibility for German residents to reach Google.com, because, the Court argued, that service was not intended for the German speaking area and anyone wanting to reach it, had to do so intentionally.

RTBF in Poland

Individuals that wanted to invoke the RTBF in Poland, usually started an administrative procedure with the national data protection authority (GIODO). Not that many cases actually reached the courts. GIODO used Google Spain and generally followed its line of reasoning.12

One decision of the GIODO is of particular interest: it followed the lines of Google Spain against Facebook Poland. GIODO held that even though the Polish branch of Facebook was there for marketing purposes only, it could still be subject to an order to remove data from the US controlled Facebook servers.13 This decision was therefore the exact opposite from the conclusions drawn by the Dutch courts.

In a case against a company - which made private data of an individual public, the Polish highest administrative14 court sent back a judgment to the Regional court, which then invoked Google Spain and concluded that the company which made the data public could be considered a ‘controller of data’ within the meaning of the Data Protection Directive.

Latin America

Unlike the situation in the European Union, Latin American jurisdictions have lacked a single landmark decision – like Google Spain – that could serve as a reference point to help them decide cases dealing with data protection, the RTBF, and freedom of expression. In turn, some jurisdictions have made express references to the Google Spain decision in their judgements and have tried to build a domestic jurisprudence involving the RTBF. The main challenge the region faces is the complete lack of legislation enshrining the RTBF. This, however, did not stop the development of this right within the Latin American legal systems.

Many jurisdictions – like Argentina – attempted to address the RTBF by relying on their pre-Google Spain data protection and privacy laws. While others, such as Colombia, tried to rely on the European experience and tried to address the increasing need to tackle issues related to data protection in the ‘age of the internet’.

A particular issue that was addressed by many Latin American jurisdictions dealt with the risks incurred by the RTBF, especially in terms of the region’s terrible history dealing with human rights violations. Other countries raised real concerns involving the use of the RTBF as a tool to hinder the freedom of the press when investigating corruption or abuses of power.

The RTBF in Argentina

Currently there is no law or regulation that expressly deals with the RTBF (draft bills are being discussed). Courts employed the general Civil liability regime to address cases related to internet intermediaries. Key cases are highlighted below. Not all of these cases involve a RTBF: some concern removal of illicit material - while the RTBF strictly speaking applies to material that is not in and of itself illicit. These cases were nevertheless included to the extent that they highlight the overall context for the geographical scope of court rulings.

In Esteban Bluvol v. Google (2012)15 the court of first instance ruled against Google by determining that it had an objective civil responsibility under the Civil Code. A Court of Appeals reversed that ruling, determining that Google, as an intermediary, was not automatically liable for the defamatory conduct of third parties. Nevertheless, the appeals court ruled that Google was subjectively liable under the Civil Code, meaning that Google’s conduct was negligent. In this case, the Appeals Court ruled that search engines become liable once they have been notified of the existence of an infringing content and fail to remove access to it. In this case Google Inc. and its Argentinian subsidiary were sued.

In Da Cunha v. Yahoo and Others (2010)16 the first instance court ruled against Yahoo and Google. However, this decision was reversed in appeal. The Appeals Court applied the subjective liability regime established in the Civil Code. The court determined that internet intermediaries were liable once they had been notified of the existence of the illicit content and failed to remove it. The case was finally settled by the Supreme Court, which confirmed the Appeals Court decision, following the case law set out in Rodriguez v. Google, explained below. In this case Yahoo Argentina and Google Inc. were sued as defendants. Google’s local subsidiary was not named in the lawsuit.

In Florencia Peña v. Google (2013)17 the court granted a provisional remedy ordering Google to block all search results involving the plaintiff engaging in sexual acts and not limited to a determined URL. This case involved Google Inc. as the main defendant, while Google’s local subsidiary was not sued.

In Carrozo v. Yahoo de Argentina and Others (2013)18 the appeals court condemned Yahoo and Google to indemnify the plaintiff for the use of her image on pornographic websites. The court determined that the internet intermediaries were objectively liable, since their activities were inherently risky, which makes them automatically liable for any damages that may have been caused. Moreover, the court ruled that search engines located matches with the words searched by the user, thereby creating a reference to the search result, as well as a cache of the website’s content. Therefore, the court concluded, when accessing a search engine’s website, all content within it was under the search engine provider’s control, including when performing the search. In this case Yahoo Argentina and Google Inc. were sued as defendants. Google’s local subsidiary was not named in the lawsuit.

In 2014 the Supreme Court of Justice of Argentina (SCJ) stepped in and laid out the concrete requirements to establish the liability of internet intermediaries. The case involved Yahoo Argentina and Google Inc. as defendants, while Google’s local Argentinian subsidiary was not sued.

In Rodríguez, María Belén v. Google (2014)19the SCJ ruled that internet intermediaries were not objectively liable for the content they showed on their search results, since this would be contrary to their freedom of expression. Nonetheless, the SCJ ruled that these intermediaries did become liable once they had been properly notified of the existence of the illicit content and they failed to remove it.

The SCJ established the mechanism for the ‘proper notification’ of the intermediaries, as well as what constitutes ‘manifestly illicit content’. The court ruled that ‘proper notification’ could only be a judicial order issued by a court. In this regard, the court determined that any content involving child pornography, data that enables or facilitates the commission of a crime, content that endangers the life or physical integrity of persons, amongst others, were to be considered ‘manifestly illicit content’.

The case law established in the Rodriguez case (2014) was upheld in two more Supreme Court cases, Da Cunha v. Yahoo SRL and Lorenzo, Barbara v. Google Inc.20 The latter case involved Google Inc. as the main defendant.

Currently, neither the case law nor the proposed bills ruled on whether the RTBF in Argentina would require internet intermediaries to also block content on their .com domain.

The RTBF in Chile

Currently there are no laws or regulations that deal with the RTBF in Chile. However, a bill was debated in the Chilean Congress, which would have granted citizens the right to ask search engines or websites to block or take down content from the internet.The debate on that bill is as yet unresolved.

Given the lack of normative recognition and treatment, case-law on the matter is not entirely settled. The Chilean Supreme Court of Justice (SCJ) in one recent case ordered21 the removal of a news article published more than a decade ago on the website of El Mercurio, one of the biggest and oldest newspapers in Chile. The SCJ ruled that maintaining this news article for more than ten years on the newspaper’s website allowed it to be reached by search engines, which violated the plaintiff’s rights to honour and privacy.

The Supreme Court determined that news agencies’ right to freedom of the press allows them to investigate and publish news that are of public interest. However, the passage of time makes news less relevant – unless new events makes them relevant once more – at which point the RTBF overrides the right to freedom of the press. The Court said that, as long as a news has current relevancy, the right to freedom of the press trumps the individual’s RTBF, but that this balance shifts in favour of the RTBF once the news ceases to be relevant. Nonetheless, the SCJ made clear that there are two exceptions to this rule: news that are historically important or that deal with matters of historical interest; and news related to public persons in the performance of a public act. The SCJ’s ruling not only ordered the removal of the content from the website that hosted the content, but also its removal from the newspaper’s search engine. However in an even more recent ruling a the very end of December 2017, the court decided in favor of the Chilean Center for Investigative Journalism and Information, CIPER, against a doctor's request to remove a report about medical malpractice from CIPER's site.

Currently there is no clarity as to whether the RTBF, when upheld, is applicable to .com domains or only to the local search engines (.cl). The bill under debate did not refer to the scope of application of the bill, it rather used the broad term ‘search engines’ without referring to the territorial effect that the RTBF may have.

The RTBF in Mexico

Currently there are no laws or regulations that deal with the RTBF in Mexico. There has been one known case involving the RTBF in Mexico. The case of Carlos Sanchez v. Google Mexico (2015)22 involved Google Mexico as the sole defendant. The case began after a powerful Mexican businessman applied to the Mexican data protection agency – Instituto Federal de Acceso a la Información y Protección de Datos – now called INAI, ordering Google Mexico to de-list news articles exposing alleged corruption between this businessman and government officials. Google Mexico argued that the management of the search engine ‘Google Search’ was in the hands of Google Inc., a US corporation. Moreover, the company maintained that the content in question was lodged and maintained by a third party that is outside of Google Mexico’s control. Nonetheless, the INAI, analysing the company’s statutes, determined that there was a sufficient link between Google Mexico and Google Inc. to compel the former to abide by the decision to remove access to the news articles.

The INAI ordered Google Mexico to remove access to the content and remove any content related to the links provided by the applicant. The INAI’s decision was challenged in the courts by the newspaper whose content was being prevented from being accessed. Later, an appeals court annulled23 the decision against Google Mexico on procedural grounds, since the administrative procedure did not allow for Revista Fortuna to defend its legitimate rights as the owner of the content.

The INAI did not specify the scope of enforcement of the ruling, that is, it did not determine whether the order of removal was to be limited to the .mx domain or whether it had to include the .com domain. The fact that the order was addressed to Google’s local subsidiary could suggest that it should be limited to the .mx domain.

The RTBF in Peru

Currently there are no laws or regulations that specifically deal with the RTBF in Peru. However, the Personal Data Protection Act has been recently employed to grant Peruvian citizens the right to ask internet websites and search engine providers the removal or blocking of access to content that violates Peruvian law.

In March 2016, the Peruvian Data Protection Agency (DGPDP - for its acronym in Spanish) ruled against Google Peru and Google Inc.24 ordering them to pay fines and to remove access to certain content related to a Peruvian citizen from their search engine. The DGPDP ruled that the Peruvian Data Protection Act was applicable to both Google Peru and Google Inc., since Google’s search engine performed web searches on the entire web globally, which also included websites and servers located on Peruvian territory, therefore, the agency concluded, it falls within the jurisdiction of the Peruvian Data Protection Act. Furthermore, the agency determined that it had to analyse the ‘nature of the matter’ which requires it to consider the global reach of Google Inc. In that sense, the agency determined that Google Search, as a service, is accessible to Peruvian citizens and to devices located on Peruvian territory, which creates a jurisdictional link to Peruvian legislation. The jurisdictional reach expressed in this case therefore was extraordinarily large.

The DGPDP also ruled that it had jurisdiction to rule on the matter, because of the fact that Google Search had a specific search engine for Peru (.com.pe domain), which showed content produced or hosted in Peru, gathering personal data from Peruvian citizens or residents, and even allowed for users to choose between Spanish and Quechua (the two official languages of Peru). Moreover, the agency determined that the fact that Google provided advertisements – specifically tailored for Peruvian residents and citizens, for services in the Peruvian market – also meant that it had jurisdiction and that the applicable law was the Peruvian Data Protection Act.

The DGPDP explicitly referred to the CJEU’s Google Spain case, altering the concept however into ‘cancellation right’. The agency ordered ‘Google’, in the person of either Google Peru or Google Inc. to block access to the content in question from its Google Search services. Moreover, ‘Google’ (again either Google Peru or Google Inc.) was condemned to pay fines for breach of the Data Protection Act.

The DGPDP did not specify the scope of enforcement of the ruling, that is, it did not determine whether the order of removal was to be limited to the .pe domain or whether it had to include the .com domain. Since the order was addressed to both Google Inc. and its local subsidiary, it is not possible to infer to which domain enforcement it was limited to.

The RTBF in Colombia

Currently there are no laws or regulations that specifically deal with the RTBF in Colombia. However, the Colombian Supreme Court recently ruled on the issue of the RTBF within the Colombian legal system25. Although the lawsuit was brought against El Tiempo newspaper as sole defendant, the plaintiff asked the judge to order the defendant to block and erase from all available search engines – specifically from Google.com – any negative information related to the plaintiff.

Google Colombia participated in the proceedings as interested third party, arguing that it did not have control over the search engine – either the .com or .com.co domains – nor could Google Colombia be found to be liable for any violation of the plaintiff’s rights, since it had a separate legal personality from Google Inc. Moreover, Google Colombia argued that the owner of the content alone was responsible for the content hosted on their website.

In Gloria v. Casa Editorial El Tiempo, the Supreme Court performed a detailed balancing test between the right of free speech and information, the principle of net neutrality, and the right to honour and privacy. The court ruled that the principle of net neutrality was protected by the right of free speech and information. Moreover, the court determined that it could not order Google.com to block the search results from its search engine, considering that it would impose an undue restriction on the right of free speech and information. The court made references to Google Spain, but ultimately considered that it constituted an unnecessary sacrifice to the right of free speech and information, and the principle of net neutrality, thus failing the court’s proportionality test.

The court warned that, should search engines be responsible for what third parties have created on the internet, it would transform them into censors or managers of content, which the court ruled to be against the very architecture of the internet itself.

The court found that Google was not responsible for the content. Moreover, the court ruled that Google was not to de-index the information expressly because the court felt that such order would not protect the principle of net neutrality, which could only be restricted exceptionally.

The court ruled that it was not Google’s indexation of the information that violated the plaintiff’s rights, but the diffusion of an outdated news article by the defendant. Therefore, Google was found not to be responsible of the violation of the plaintiff’s rights, leading the court to refuse to issue orders to Google.

The court expressly limited this restriction of the right of freedom of speech and information to criminal cases, considering that these cases had a more harmful nature to individuals’ rights to honour and privacy. Furthermore, the restriction was allowed in cases involving news that had remained ‘permanently’ on the internet. This suggests a similar approach taken by the Chilean Supreme Court regarding news that was no longer considered ‘news-worthy’ through the passage of time. Finally, the court decided that this restriction did not extend to public figures or public servants, or events involving crimes against humanity or human rights violations, since these events formed part of the building of the ‘national historical memory’ whose importance superseded the individual’s interest.

Currently, this is the only case that expressly ordered the removal or blocking of content from the Google.com domain.

The RTBF in Brazil

Currently there is no law or regulation that expressly deals with RTBF in Brazil. However, a bill was discussed in the Brazilian legislature that would have modified the Brazilian Marco Civil da Internet (the bill of rights for the internet) by including a very wide RTBF. The bill would have granted the courts the competence to order the removal of content, and not just a mere de-listing.

The Superior Court of Justice (SCJ), Brazil’s highest court for non-constitutional issues, recently decided a landmark case dealing with the responsibility and liability of search engine providers. The decision26 came in response to Google Brazil’s appeal against a judgement which had ordered Google’s local subsidiary to remove certain content from its search engine’s database. The SCJ ruled that it was not the obligation of search engine providers to remove search results, but rather that the content owner was responsible for the proper content. Moreover, the court said that search engine providers, by the nature of their service, did not pre-screen the content obtained per search criteria by the user. The court also determined that search engine providers could not be ordered to filter their search results for particular terms, phrases, images, or text regardless of the indication of a specific URL.

It is important to highlight that the SCJ did not expressly rule on the applicability or not of the RTBF in the case, but rather looked solely at the liability regime to determine whether Google Brazil was under the obligation to remove access to the content.

The SCJ in two cases ruled on the existence and applicability of RTBF within the Brazilian legal system. In both the defendant was Rede Globo, the largest commercial television network in Brazil, as the sole defendant. The SCJ had to rule in both cases on whether reporting on crimes that had occurred many decades ago could serve as grounds for the application of the RTBF.

The SCJ ruled in one case27 that the defendant had violated the plaintiff’s rights to honour and dignity by presenting him as co-author in a crime for which he had previously been found not guilty. The court determined that the RTBF applied in cases where the person had been acquitted of a crime or, when having been found guilty of a crime, had served their sentence. The SCJ affirmed the amount for damages to be paid by the defendant.

In the second case,28 the SCJ ruled that the historical importance of a crime or event may outweigh the RTBF and the rights to honour and dignity. The court ruled that the name of the victim was so inextricably linked with the crime itself, that the portrayal of the events would be impossible without using the name of the victim. It thus determined that the right to freedom of the press should prevail. Moreover, the court also determined that the very passage of time had – in a way – made people forget about the crime and had therefore minimised the level of pain the family of a victim of a crime might have felt when seeing the name and images of the victim portrayed and broadcasted on the media.

More recently, the Superior Court of Justice decided in a case involving Google Brazil. The court decided that forcing search engine providers to remove access to content from their search engines would impose an intolerable burden on them. The court determined that this responsibility would, in turn, make these companies into a form of digital censors.29 The court also ruled that, since the content would remain on the internet, the responsibility for that content lied on the content provider, not on the search engine provider.

Importantly, there is a case still pending before the Supreme Court of Justice, Brazil’s highest court on constitutional issues, which may prove to be essential for the application of the RTBF in the Brazilian legal system, as well as fundamental for the balancing between the RTBF and other key constitutional rights and freedoms.

Conclusion

The present research has demonstrated how the RTBF, after its quite recent introduction in Google Spain, has expanded in a rather patchwork manner. Much like the internet itself, the RTBF has had a rather inconsistent application through many jurisdictions. Different legal systems are trying to find a suitable application of the RTBF which also takes other important rights and freedoms into account. It is perhaps a testament to the importance of the issues covered by the RTBF that many countries have found the need to attempt striking a balance between the right to privacy and freedom of expression in the ‘age of the internet’.

The first two of the four key variables we identified in the introduction tend to have been addressed quite clearly by the courts: these are the identification of applicant and defendant. The third variable however is often dealt with without due specification, possibly as a result of lack of technical insight by the courts. The final, fourth variable (application of any order to users outside the territory) has only been addressed twice: once immediately rejected (Cologne), once implicitly suggested but not as such specified in the ruling (Rotterdam).

The relevance of the present research is that it identifies key areas where judges and authorities are focusing when judging on issues involving the RTBF. The jurisdictional issues raised by several courts are particularly relevant, especially when discussing the issues involving the internet. The question regarding the applicability of a de-listing order to a global vs. domestic domain is a logical consequence of these jurisdictional concerns. Furthermore, a key issue particularly discussed in the Latin American cases, deals with concerns that the RTBF could be used – or abused – to allow powerful people to hide cases of corruption. Another important and relevant concern involves the need Latin American countries have to maintain their ‘historical memory’ involving past human rights violations.

The RTBF has presented national courts with a host of challenges, ranging from the balance between the need for privacy to the importance of freedom of expression in a democratic society. National judges and authorities are increasingly being faced with cases that not only deal with complex technological issues, but also force the courts to go beyond the boundaries of national jurisdictions when dealing with an ever-globalised digital world. The present work has identified how these challenges are being judged and decided in multiple jurisdictions. However, many new issues are likely to continue to arise and it appears as though these changes will continue to outpace the legislative work, thus forcing judges and authorities to continue to face new challenges in their attempts at striking the adequate balance between privacy rights and freedom of expression.

References

Scholarly works:

van Calster, G. (2015). Regulating the internet. Prescriptive and jurisdictional boundaries to the EU’s ‘Right to be forgotten’. Retrieved from https://ssrn.com/abstract=2686111

Kodde, C. (2016). Germany's ‘Right to be forgotten’ – between the freedom of expression and the right to informational self-determination. International Review of Law, Computers & Technology, 30(1-2). doi:10.1080/13600869.2015.1125154

Legal decisions:

7th Collegial Circuit Tribunal of the Auxipar Centre of the First Region, file No. N/A, August 2016.

Bluvol, Esteban Carlos c / Google Inc. y otros s/ daños y perjuicios, National Civil Appeals Chamber, 5 December 2012.

C.15.0052.F, Supreme Court Belgium, 29 April 2016, available at http://jure.juridat.just.fgov.be/view_decision.html?justel=N-20160429-2 last consulted 5 December 2017.

Case No. 045-2015-JUS/DGPDP, Personal Data Protection General Directorate, Directional Resolution, File No. 012-2015-PTT, December 30, 2015.

Carrozo, Evangepna c/ Yahoo de Argentina SRL y otro s/ daños y perjuicios National Civil Appeals Chamber, 10 December 2013.

Court of First Instance, Brussels, 25 March 2014, nr. 2013/6156/A.

D. C. V. c/ Yahoo de Argentina SRL y otro s/ Daños y Perjuicios, National Civil Appeals Chamber, 10 August 2010.

Da Cunha, Virginia c/ Yahoo de Argentina S.R.L. Y otro s/ daños y perjuicios, Nation’s Supreme Court of Justice, 30 December 2014.

Decision No. 22243-2015, Supreme Court of Justice, 21 January 2016.

Decision T-277/15, Supreme Court of Colombia, May 12, 2015.

Decision No. Rcl. 18,685, Superior Court of Justice, 5 August 2014.

Decision No. REsp 1.334.097, Superior Court of Justice, 20 October 2013.

Decision No. REsp. 1.335.153, Superior Court of Justice, 20 October 2013.

Decision No. REsp. 1.593.873, Superior Court of Justice, 17 November 2016.Federal Institute for the Access of Information and Data Protection, file No. PPD. 0094/14, 26 January 2015.

Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD), Mario Costeja González, Case C-131/12, ECp:EU:C:2014:317.

Google Inc. v Vidal-Hall & Ors [2015] EWCA Civ 311 (27 March 2015).

Lorenzo, Bárbara cl Google Inc. si daños y perjuicios, Nation’s Supreme Court of Justice, 30 December 2014.

Mosley v Google Inc. & Anor [2015] EWHC 59 (QB) (15 January 2015).

Peña María Florencia c/ Google s/ ART. 250 C.P.C. Incidente Civil, National First Instance Civil Court No. 72, file No. 35.613/2013,

Rodríguez, María Belén c/ Google Inc. s/ daños y perjuicios, Nation’s Supreme Court of Justice, 28 October 2014.

Vidal -Hall & Ors v Google Inc. [2014] EWHC 13 (QB) (16 January 2014).

X and Y v Google Inc. and Google Germany GmbH, Landgericht Köln, 16 September 2015, 28 O 14/14.

Appendix

Table of RTBF judgement in Europe and Latin America

Country

Case/Authority

Parties

Domain

Territoriality of Ruling

Recognition of RTBF - Legislation

Does the ruling impact users in other countries30

Argentina

Esteban Bluvol v. Google (2012), Appeals Court

Argentinian citizen v. Google Inc & Google Argentina

The court did not rule on the removal or de-listing of content, but solely on the liability issue.

Not applicable as the court did not order removal or de-listing of content.

No ruling on RTBF, but subjective liability.

No legislation, bills under debate.

Not applicable

Argentina

Da Cunha v. Yahoo and Others, Appeals Court & Supreme Court of Justice

Argentinian citizen v. Google Inc

Not specified.

General order to remove content.

No ruling on RTBF, but subjective liability.

No legislation, bills under debate.

Not specified

Argentina

Florencia Peña v. Google (2013) First Instance Court

Argentinian citizen v. Google Inc

Not specified.

General order to remove content.

No ruling on RTBF, provisional measure against Google.

No legislation, bills under debate.

Not specified

Argentina

Carrozo v. Yahoo de Argentina and Others (2013) Appeals Court

Argentinian citizen v. Google Inc

Not specified.

General order to remove content.

No ruling on RTBF, but objective liability

No, bills under debate.

Not specified

Argentina

Rodríguez, María Belén v. Google (2014)

Supreme Court of Justice

Argentinian citizen v. Google Inc

Not specified.

General order to remove content.

No ruling on RTBF, subjective liability.

No legislation, bills under debate.

Not specified

Brazil

Rcl. 18,685 Superior Court of Justice

Appeal filed by Google Brazil

Court ruled in favour of Google’s subsidiary. No order to remove content or de-list.

Court ruled in favour of Google’s subsidiary. No order to remove content or de-list.

No ruling on RTBF.

No legislation, bills under debate.

Not applicable

Brazil

REsp 1.334.097

Superior Court of Justice

Brazilian citizens v. Rede Globo (TV network) (Google not involved)

Limited to the .com domain of the defendant. Not addressed to Google.

General order to remove content.

Yes, the court ruled on the existence of the RTBF.

No legislation, bills under debate.

No

Brazil

REsp. 1.335.153

Superior Court of Justice

Brazilian citizens v. Rede Globo (TV network) (Google not involved)

Court ruled in favour of the defendant. No removal or de-listing order.

Court ruled in favour of the defendant. No removal or de-listing order.

Yes, the court ruled on the existence of the RTBF.

No legislation, bills under debate.

No

Brazil

REsp 1.593.873

Superior Court of Justice

Recourse by Google Brazil

Court ruled in favour of the defendant. No removal or de-listing order.

Court ruled in favour of the defendant. No removal or de-listing order.

No, the court explicitly rejected the applicability of the RTBF to search engines.

No

Chile

No. 22243-2015

Supreme Court of Justice

Chilean citizen v. El Mercurio (newspaper) (Google not involved)

Limited to the .com domain of the defendant. Not addressed to Google.

General order to remove or block access to content.

Yes, the court ruled on the existence of the RTBF.

No legislation, bills under debate.

No

Colombia

Decision T-277/15 (Gloria v. Casa Editorial El Tiempo)

Supreme Court of Justice

Colombian citizen v. El Tiempo (newspaper) & Google Colombia

Limited to the .com domain of the defendant. Not addressed to Google.

Google Colombia excluded from the removal and de-listing order.

Yes, the court ruled on the existence of the RTBF.

No legislation, bills under debate.

No

Mexico

Carlos Sanchez v. Google Mexico (2015)

Data Protection Agency

Mexican citizen v. Google Mexico

Not specified.

General order to remove or block access to content.

Yes, the DPA ruled on the existence of the RTBF.

No legislation, bills under debate.

Not specified

Peru

File No. 012-2015-PTT

Data Protection Agency

Peruvian citizen v. Google Inc. & Google Peru

Not specified.

General order to remove or block access to content.

Yes, the DPA ruled on the existence of the RTBF.

No legislation exists, no bills under debate.

Not specified

Belgium

Supreme Court

Nr. C.15.0052.F

29 April 2016

Belgian individual v.

Le Soir (newspaper)

(Google not involved)

Not relevant, only a .be domain

Not specified

Yes, specifically mentioning this right

No

Belgium

Court of First Instance

Brussels, nr. 2013/6156/A

25 March 2014

Belgian individual v. a newspaper (Google not involved)

Not relevant, only a .be domain

Not specified

Yes, specifically mentioning this right

No

The Netherlands

Court of Appeal

The Hague

26 July 2016 ECLI:NL:GHDHA:2016:2161

Dutch individual v. Google NL BV,

Google Inc.

Blogspot.nl. No request for, or broadening of domain names

Excluding Google NL from the claim

Request for removal denied by court, national data protection law applied

No

The Netherlands

Court of First Instance

Rotterdam

29 March 2016

ECLI:NL:RBROT:2016:2395

Dutch individual v. Google NL BV,

Google Inc.

.nl- and .com-URLs, court specifically includes google.com, using the IP-address argument

Excluding Google NL from the claim, ordering Google Inc. to remove the URL’s

Claim to delist granted, national data protection law applied

Not specified

The Netherlands

Interim judge Amsterdam

29 February 2016 ECLI:NL:RBAMS:2016:987

Dutch individual v. Google Inc.

.com-domain, as reviews were posted on google.com/maps

Ordering Google Inc. to remove reviews from Google Maps, Google Search and Google+

Removal of false reviews ordered

Not specified

The Netherlands

Court of Appeal

Den Bosch

6 October 2015

ECLI:NL:GHSHE:2015:3904

Dutch individual v. Google Inc.

.nl-blog (Blogger, created under a .com extension and then copied one-on-one). Appellant during the appeal requested that other domain names would be deleted as well

Ordering Google Inc to make the .nl-blog inaccessible, not the same blog under other extensions, as that was not as such ordered in first instance (‘remove from the internet)

Yes, Google has to remove a blog with a .nl-extension

No

The Netherlands

Court of Appeal, Amsterdam

31 March 2015 ECLI:NL:GHAMS:2015:1123

Dutch individual v. Google NL BV,

Google Inc.

Delisting of both .nl-links and .com-links from Google’s Search requested, no further specification of domains

Not specified

Yes, however claimant is not successful. EU Directive used

No

United Kingdom

Court of Appeal

Vidal-Hall, EWHC 13 (QB)

27 March 2015

British individual v. Google Inc.

Not specified – case deals with establishment of jurisdiction

Application of the procedure to serve a defendant not domiciled in the territory – before proceedings can take place

Claimant successful under Tort, misuse of private information

Not specified

United Kingdom

High Court

Moseley v Google, EWHC 59 (QB)

15 January 2015

British individual v. Google Inc. (claim against Google UK discontinued)

Not specified

Not specified

Only held that claimant has a viable claim

Not specified

France

DPA CNIL, 10 March 2015

CNIL and Google Inc. involved

CNIL specifically wants to broaden to all domain names

CNIL orders Google to delist from all extensions

Pending at Conseil d’Etat – case CNIL v. Google Inc.

Yes

Germany

Administrative Court Hamburg

3 March 2015

15 E 4482/15

Facebook Ireland ltd. v. Hamburg

Not specified

Facebook GER not responsible for (in)action of Facebook IRE

Not granted, German Data Protection law not applicable

Not specified

Germany

Court of First Instance

Cologne

16 September 2015

28 O 14/14

Google DE

Google Inc.

Request to also delist on the .com-domain, next to the .de-domain

No extension to .com-domain granted

Request not granted

No

Poland

GIODOD Data Protection Agency 16 February 2016 DOLiS/DEC – 50

Facebook Poland

Not specified

Not specified. Facebook Poland held responsible even though it is merely a subsidiary

Yes, delete certain information from Facebook

Not specified

Footnotes

1. Case C-131/12 Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD), Mario Costeja González, ECLI:EU:C:2014:317.

2. See in particular G. van Calster, ‘Regulating the internet. Prescriptive and jurisdictional boundaries to the EU’s ‘Right to be forgotten’, https://ssrn.com/abstract=2686111, last consulted 5 December 2017.

3. See ibid.

4. Supreme Court Belgium, 29 April 2016, C.15.0052.F available at http://jure.juridat.just.fgov.be/view_decision.html?justel=N-20160429-2 last consulted 5 December 2017.

5. Court of First Instance, Brussels, 25 March 2014, nr. 2013/6156/A

6. Vidal-Hall & Ors v Google Inc. [2014] EWHC 13 (QB) (16 January 2014); Google Inc. v Vidal-Hall & Ors [2015] EWCA Civ 311 (27 March 2015).

7. Mosley v Google Inc. & Anor [2015] EWHC 59 (QB) (15 January 2015).

8. https://www.cnil.fr/en/right-be-delisted-cnil-restricted-committee-imposes-eu100000-fine-google. An unofficial English translation of the CNIL’s decision can be found here: https://www.cnil.fr/sites/default/files/atoms/files/d2016-054_penalty_google.pdf. The CNIL also has made an amusing graphic chart of why it thinks the territorial reach of a request to delisting should be global: https://www.cnil.fr/fr/infographie-portee-du-dereferencement-de-mplaignant-applique-par-google.

9. C. Kodde, Germany's ‘Right to be forgotten’ – between the freedom of expression and the right to informational self-determination, International Review of Law, Computers & Technology Vol. 30 , Iss. 1-2, 2016.

10. http://justiz.hamburg.de/contentblob/5359282/data/15e4482-15.pdf.

11. Landgericht Köln, 16 September 2015, 28 O 14/14, X and Y v Google Inc. and Google Germany GmbH, in which the court emphasised that Google.com is the search engine maintained by Google for the ‘region of the United States of America’ (p.16 of the judgment – our translation).

12. For example, http://www.giodo.gov.pl/280/id_art/9009/j/pl/ or http://www.giodo.gov.pl/280/id_art/9010/j/pl/.

13. This decision has not been published on the website of GIODO, but it discussed on the internet and a ‘leaked’ version of it is published here: https://niebezpiecznik.pl/wp-content/uploads/2016/02/facebook-dec_5016.pdf

14. http://orzeczenia.nsa.gov.pl/doc/4214FE3165

15. National Civil Appeals Chamber, “Bluvol, Esteban Carlos c / Google Inc. y otros s/ daños y perjuicios”, 5 December 2012.

16. National Civil Appeals Chamber, “D. C. V. c/ Yahoo de Argentina SRL y otro s/ Daños y Perjuicios”, 10 August 2010.

17. National First Instance Civil Court No. 72, “Peña María Florencia c/ Google s/ ART. 250 C.P.C. Incidente Civil”, file No. 35.613/2013

18. National Civil Appeals Chamber, “Carrozo, Evangelina c/ Yahoo de Argentina SRL y otro s/ daños y perjuicios”, 10 December 2013.

19. Nation’s Supreme Court of Justice, “Rodríguez, María Belén c/ Google Inc. s/ daños y perjuicios”, 28 October 2014.

20. Nation’s Supreme Court of Justice, “Da Cunha, Virginia c/ Yahoo de Argentina S.R.L. Y otro s/ daños y perjuicios”, 30 December 2014. Nation’s Supreme Court of Justice, “Lorenzo, Bárbara cl Google Inc. si daños y perjuicios”, 30 December 2014.

21. Supreme Court of Justice, decisión No. 22243-2015, 21 January 2016.

22. Federal Institute for the Access of Information and Data Protection, file No. PPD. 0094/14, 26 January 2015.

23. 7th Collegial Circuit Tribunal of the Auxiliar Centre of the First Region, file No. N/A, August 2016.

24. Personal Data Protection General Directorate, Directional Resolution, case No. 045-2015-JUS/DGPDP, File No. 012-2015-PTT, December 30, 2015.

25. Supreme Court of Colombia, decision T-277/15, May 12, 2015.

26. Superior Court of Justice, decision No. Rcl. 18,685, 5 August 2014.

27. Superior Court of Justice, decision No. REsp 1.334.097, 20 October 2013.

28. Superior Court of Justice, decision No. REsp. 1.335.153. 20 October 2013.

29. Superior Court of Justice, decision No. REsp. 1.593.873, 17 November 2016.

30. Does the ruling ask the defendant to delist or remove content such that it impacts the ability of users or citizens from other countries, outside the legal jurisdiction of the court, to access information

Add new comment

You must have Javascript enabled to use this form.