EU data protection laws cannot be used to 'censor' Google

It is not yet a win for Google, since 'opinions' are not rulings, merely legal advice provided to the court. "Even so, we’re encouraged because the case is key to free expression online," said Google's William Echikson, head of free expression, EMEA, in a blog post yesterday. The Court of Justice will pass formal judgement at a later date.

The case revolves around the request of a Spanish man to have his name removed from pages involving a social security debt from ten years earlier. He asked Google to remove the pages from its index where his name was the search term. He also lodged a complaint with the Spanish data protection agency (AEPD). AEPD ruled that the original publisher was not required to remove the pages, but that Google was required to remove the relevant data from its index. 

Google appealed. This time the Spanish national high court referred a series of questions to the European Court of Justice -- and these questions form the basis of Jääskinen's Opinion published yesterdy. His fundamental view is that Google is not the data controller and is therefore not responsible for privacy issues under European data protection laws in this or similar instances.

Google, says Jääskinen, "cannot be considered as ‘controller’ of the processing of such personal data in the sense of Article 2(d) of Directive 95/46, with the exception of the contents of the index of its search engine, provided that the service provider does not index or archive personal data against the instructions or requests of the publisher of the web page."

Another issue is whether the content is legal or illegal. Google can be requested to remove links to illegal content, such as copyright infringement, but requesting the removal of links to legal content effectively interferes with the publisher's right to freedom of expression. Nor can that original publisher be required to alter the content of the online pages: "That would amount to falsification of history," says Jääskinen.

But for Google, the issue is simply one of principle. "In this case we’re simply challenging the notion that information that is demonstrably legal - and that continues to be publicly available on the web - can be censored," says Echikson. "In order to achieve all the social, cultural and economic benefits of the Internet, it must be kept free and open."

It is, however, worth considering whether this is just a temporary victory. Jääskinen also considered whether the existing EU data protection directive implies, although it does not specify, a 'right to be forgotten.' He concluded that it does not. But the proposed new General Data Potection Regulation -- in its original form -- does specify a right to be forgotten. If passed into law, this question may need to be re-examined in the future.

What’s hot on Infosecurity Magazine?