How Google's Win On “Right To Be Forgotten” Laws in EU Undermines GDPR

How Google's Win On “Right To Be Forgotten” Laws in EU Undermines GDPR

Contrary to the World Wide Web’s name, the internet is still bound to the constraints of petty nationalism, forcing the EU’s top court to rule that Google does not have to comply with “right to be forgotten” requests regarding sensitive information outside of Europe, Reuters reports.

“The balance between the right to privacy and the protection of personal data, on the one hand, and the freedom of information of internet users, on the other, is likely to vary significantly around the world,” the court said in their closing statement over the weekend. “There is no obligation under EU law, for a search engine operator who grants a request for de-referencing made by a data subject… to carry out such a de-referencing on all the versions of its search engine.”

In a stunning victory for the world’s most powerful search monopoly, the European Court of Justice found Google’s national sovereignty left the union with no authority to enforce data protection laws universally — presenting a fundamental misunderstanding over how the internet works, disregard for the loopholes used to circumvent privacy rights and the monumental scale required to ensure online protection.

Since 2014, the EU has made judicial and legislative strides in granting their citizens the “right to erasure” of their user data, meaning companies are forced to delete contested information if there’s no reasonable justification to keep it within their systems. Under 2018’s controversial law known as the General Data Protection Regulation (GDPR), public requests can be made against any organization “verbally or in writing” and their case must be completed within a month’s time under the threat of potential court proceedings, exorbitant fines and jail time.

Google has argued these laws can sometimes be abused, making their case under the guise of how uncited authoritarian governments could potentially try to “cover-up human rights abuses” outside of European jurisdiction, effectively knee-capping the press in fact-gathering and hurting the online public interest, according to BBC News. “We’ve worked hard to implement the right to be forgotten in Europe, and to strike a sensible balance between people’s rights of access to information and privacy,” a Google spokesperson told reporters following the ruling. “It’s good to see that the court agreed with our arguments.”

This narrative, however, doesn’t stand since these erasure rules are overturned when data is subject to “freedom of expression and information, legal obligations, archiving in the public interest, scientific or historical research or statistical purposes or for the defense of legal claims,” as outlined under GDPR law. Human rights abuses obviously fall within this scope. Cases establishing erasure as a guaranteed right is only limited to when user data is deemed “lawfully withdrawn, inadequate, irrelevant or excessive” in the company’s possession, such as when information is harvested and used for “direct marketing purposes” and consent has since been revoked.

Google’s economic model relies on an overabundance of data, evidenced in its continual scandals surrounding secret VPN data harvests, surveillance breaches through services like Google+ and Gmail, selling data to their highest bidders through shady subsidiaries, and other stories, indicating their true interests lay within their status quo business as usual over genuine concern for human safety. Even still, the company has somewhat complied with these data protections since they were first introduced, claiming to have received over 845,000 requests for over 3.3 million web addresses and removing around 45% of the links involved.

Nevertheless, this standard only applies to the company’s main site (Google.com) and their European versions (such as Google.fr, Google.co.uk, and Google.de) and can be easily circumvented through the use of a virtual private network (VPN) and other tools which mask user locations. As the BBC notes, the ECJ ruling demands that delistings must “be accompanied by measures which effectively prevent or, at the very least, seriously discourage an internet user” from access outside of non-EU sites. 

Google has failed to enforce this precedent, whether through understandable inabilities or just willful ignorance over the success of its own platform. “It will be for the national court to ascertain whether the measures put in place by Google Inc meet those requirements,” the ruling states, leaving the all-mighty tech giant with potential court case after court case over circumvention that could be avoidable through adopting an international approach. As it stands, Google is simply limiting data access to those who aren’t all that savvy with data to begin with.

Related News