Taking up a complaint concerning a Spanish citizen, the European Court of Justice said individuals have this right “to be forgotten,” under certain circumstances when their personal data becomes outdated or inaccurate.
Specifically, this applies when such data “appear to be inadequate, irrelevant or no longer relevant, or excessive in relation to the purpose for which they were processed and in the light of the time that has elapsed.”
This was based on the finding that under current data protection norms in the European Union, “an Internet search engine operator is responsible for the processing that it carries out of personal data.”
There was no immediate response from Google but the company, which dominates the Internet search industry, has previously argued that it is responsible only for finding the information.
As long as this is correct and legal, and therefore properly part of the public record, it believes it should not be obliged to delete such data, which it argues amounts to “censorship.”
Tuesday’s ruling came as a surprise because last year a top ECJ lawyer had argued that Google was not responsible for the data carried by websites appearing on its search engine and that EU citizens did not have a “right to be forgotten” in the digital world.
That opinion had suggested the ECJ would rule accordingly in due course.
The case centres on a Spanish national who went to court because the personal details of his involvement in a debt recovery operation continued to appear on the online version of a Spanish newspaper long after the legal dispute had been resolved in favour of the plaintiff.
Spain’s data protection agency, the AEPD, found that the newspaper was not at fault because the information was correct at the time. However, it upheld the complaint against Google, asking it to delete the material from its search results.
When Google appealed, Spain sought guidance from the ECJ to resolve the issue.
European Justice Commissioner Viviane Reding proposed in 2012 that a “right to be forgotten” be included in EU legislation on data protection to meet concerns it was not adequate given the pace of technology change.
Personal data protection has become an even more sensitive issue with revelations of massive US and other intelligence service snooping.