Feeds

Google CAN be told to delete sensitive data from its search results, rules top EU court

Judgment: Ad giant 'controls' and 'processes' our stuff

Boost IT visibility and business value

Google and other search engines can be held responsible for the type of personal data that appears on results pages it serves up, the European Union's Court of Justice ruled in a landmark case this morning.

Its decision (PDF) is a rare example of the CoJ disagreeing with an earlier advocate general opinion from June last year, when top judge Niilo Jääskinen said that Google was not obliged to remove sensitive legal content from its search index.

His opinion came after a man complained to Google's Spanish office in 2010 about search results that showed a link to a newspaper article which was first printed in 1998, reporting on a real-estate auction connected with attachment proceedings prompted by social security debts.

In its ruling today, the Luxembourg court - which is presided over by 28 judges, each representing one of the EU member states - cited the 1995 Data Protection Directive. It said:

In today's judgment, the Court of Justice finds, first of all, that by searching automatically, constantly and systematically for information published on the internet, the operator of a search engine "collects" data within the meaning of the directive.

The Court considers, furthermore, that the operator, within the framework of its indexing programmes, "retrieves", "records" and "organises" the data in question, which it then "stores" on its servers and, as the case may be, "discloses" and "makes available" to its users in the form of lists of results.

Those operations which are referred to expressly and unconditionally in the directive, must be classified as "processing", regardless of the fact that the operator of the search engine carries them out without distinction in respect of information other than the personal data.

The CoJ added that the likes of Google could be considered the "controller" in the context of the aged Directive, which has undergone a draft rewrite and has MEP support but won't be subjected to a legislative overhaul this side of the European Parliament elections. Besides that, it is yet to be scrutinised by the Council of Ministers, which could yet stall progress of the bill indefinitely.

Interestingly, the EU's top judges seem to have found wiggle room within the current rules to demonstrate that people living in the 28-member-state bloc have the right to be forgotten online.

The court said that Google was wrong to argue that processing of personal data on its search engine was not carried out by its Spanish subsidiary, in specific relation to the 2010 case. It said:

The court holds, in this regard, that where such data are processed for the purposes of a search engine operated by an undertaking which, although it has its seat in a non-member state, has an establishment in a member state, the processing carried out "in the context of the activities" of that establishment, within the meaning of the directive, if the establishment is intended to promote and sell, in the member state in question, advertising space offered by the search engine in order to make the service offered by the engine profitable.

In short, Google and other search engine operators are obliged - in some circumstances - to kill links to web pages that are published by third parties.

Individuals can approach Google and ask it to delete such links from its search engine. If it refuses, the complainant can take their gripe to a national data watchdog, the court ruled.

“This is a disappointing ruling for search engines and online publishers in general," a Google spokesperson told The Register. "We are very surprised that it differs so dramatically from the Advocate General’s opinion and the warnings and consequences that he spelled out. We now need to take time to analyse the implications."

Google has long argued that such erasure of data amounted to censorship. But cynics may note it could also hit the company's bottom line. ®

Build a business case: developing custom apps

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.