By partner Olivier Cousi
The historical decision rendered by the European Court of Justice in its decree of 13 May on the right to oblivion gives substance, twenty years later, to a principle included in the 95/46/EC directive of 1995 indicating that, in the name of the protection of privacy, European country citizens have rights as regards those managing the handling of their private data. The European Court of Justice highlighted this point at the beginning of its decree, thereby clearly placing the safeguard of fundamental rights as the basis of its decision.
The concept of asserting a “right to oblivion” appeared with the generalisation of Internet usage that placed citizens at the mercy of a more or less faithful image of themselves circulating online, and which constitutes their e-reputation.
In 2013, the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament adopted a “Package” on personal data, aiming to replace the 1995 Directive and including the right to request the deletion of data.
The ECJ has decided that the search engine operator must, when requested, delete links to web pages if the web user’s request is justified. The decree does not, however, put in place a right to the removal of the website from the index: the links remain accessible, in particular from the US search engine Google.com, to a European web user.
The solution put in place by the Court is therefore not as strict as the draft regulation that will replace the 1995 directive, which recommends the complete deletion of data and which must be adopted “at the latest in 2015” by France and Germany. The entry into force of the Regulation should also render the Court’s decision null and void.
The scope of the 13 May decree must however be put into perspective, since the right to removal of websites from the index is already in place in several European Union countries, including in France.
The real significance of the decision of 13 May 2014 lies rather in the territorial application of the 1995 directive, which provides that the domestic law in which the decree is transposed applies in particular when “the processing of personal data is carried out as part of a body’s activities” on the territory of an EU member state (art. 4). Google Inc. is thus responsible for the handling of such data, even in those European countries in which its subsidiaries operate.
You will find a detailed presentation of this topic in French journal Option Finance No. 1275 dated Monday 23 June 2014, as well as an article written by Olivier Cousi on the specialised Journal du Net website.