Find Ecommerce Pros to Grow Your Online Business on ALL EC Ecommerce Exchange
Welcome Guest | Sign In

EU Court Hands Google a Missing Links Quandary

By Richard Adhikari
May 13, 2014 2:43 PM PT

The European Court of Justice, which is the highest court for matters of European Law, on Tuesday handed down a preliminary ruling that indicates Google may have to remove links to consumers' names on request -- if appropriate.

EU Court Hands Google a Missing Links Quandary

The case was referred to the ECJ by Spain's Audiencia Nacional, or National High Court. The ECJ's ruling lays down the guidelines for the Audiencia Nacional in hearing the case.

Still, the indications are that Google, Facebook and other companies whose business revolves around mining and selling consumer data might be at risk.

"This, and other legislation that's coming down the pipeline ... is bad news for Google, Facebook and others who rely on getting personal information and direct marketing to consumers," Darren Hayes, a professor at Pace University's Seidenberg School of Computer Science and Information Systems, told the E-Commerce Times.

Case History

In March 2010, Spanish national Costeja Gonzalez filed a complaint with the Spanish national data protection agency, the Agencia Española de Protección de Datos, or AEPD, against newspaper publisher La Vanguardia Ediciones, as well as against Google Spain and Google Inc.

Gonzalez wanted links to his name amended so they would no longer show the 1998 publication in La Vanguardia's newspaper of an announcement of an auction of his property to recover unpaid social security taxes.

The AEPD rejected his complaint against the publisher, but upheld it against Google Spain and Google Inc.

That led Google Spain and Google Inc. to file separate actions before the Audiencia Nacional.

The Audienca, in turn, sought guidance from the ECJ in March on how to interpret EU Directive 95/46.

What the ECJ Reviewed

The ECJ considered Articles 2, 4, 12 and 14 of Directive 95/46, as well as Articles 7 and 8 of the Charter of Fundamental Rights of the EU.

These covered material and territorial scope; Internet search engines; processing of data contained on Websites; searching for, indexing and storage of such data; responsibility of search engine operators; establishment on the territory of a member state; and the extent of that operator's obligations and of the data subject's rights.

In sum, the ECJ ruled as follows: that searching for data, indexing it, storing it and delivering it as a series of ranked results should be considered processing of personal data; that the search engine operator must be considered the controller of that data processing; and that a search engine operator that sets up a branch or subsidiary in an EU member state to promote and sell ad space offered by that engine to that state's residents has in effect set up shop there.

Further, the search engine operator must remove links to comply with the data subject's right to object, as well as data subjects' rights under Artcles 7 and 8 of the European Union Charter of Freedoms.

The case will go back to the Audiencia Nacional for hearing.

An Important First Step

"I think this [ruling] establishes a very important fundamental right that should be applied to the Internet everywhere," John Simpson, privacy advocate at Consumer Watchdog, told the E-Commerce Times.

"There used to be privacy by obscurity, which is the concept that we all forget things, so if you did something stupid when you were a kid, it doesn't come up when you're 35," he noted.

"That's not the case in the digital era," Simpson said. "The balance has tipped too far into pushing everything out there, and this ruling tips the balance a little bit back towards privacy by obscurity."

However, it's not likely that the U.S. will follow the EU's lead, Hayes opined.

"The U.S. lags behind data protection laws in Europe," he said, "because of the immense power lobbyists wield here."

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.

Which type of cybersecurity threat concerns you the most?
Theft of my personal assets
A serious privacy invasion affecting me or a close family member
Reputation damage affecting my business
Child pornography, drug and weapon sales, and other Dark Web crimes
Activities that might compromise free and fair elections
A life-threatening attack on the nation's infrastructure