Privacy & Information Security Law Blog

On May 30, 2014, Google posted a web form that enables individuals to request the removal of URLs from the results of searches that include that individual’s name. The web form acknowledges that this is Google’s “initial effort” to give effect to the recent and controversial decision of the Court of Justice of the European Union in Costeja, widely described as providing a “right to be forgotten.” That Google has moved quickly to offer individuals a formal removal request process will be viewed favorably, but the practicalities of creating a removals process that satisfies all interested parties will remain challenging, and not just for Google.

In Costeja, the Court gave little practical guidance on how the removal request process should operate, beyond requiring search providers to examine whether the right of the individual to request the removal of a URL outweighs the public interest in having access to the information. Google’s web form asks requestors to verify their identity and provide the URL that they wish to see removed from Google’s search results, including details of the search terms used. Requestors must also explain how the search result is “irrelevant, outdated, or otherwise inappropriate.” In evaluating requests, Google is required to consider whether there is a public interest in the contested information remaining in the search results.

The expectations of individuals and data protection authorities (“DPAs”) across Europe as to how this balancing test should apply are likely to differ. From the perspective of individuals, widespread references to a “right to be forgotten” overstate the effect of the Court’s decision in Costeja and may have created unrealistic public expectation as to the practical effect of a successful removal request. Even if a removal request is successful, the URL is only removed from the results of searches that include the requestor’s name. The URL will continue to appear in the results of other searches. To achieve complete removal of the URL from the web, an individual would need to approach the webmaster of the relevant site. It seems inevitable that there will be a raft of complaints from disappointed requestors, and an increased workload for DPAs.

DPAs will be expected to provide guidance to search providers and to help educate individuals as to the scope of the removal right described in Costeja. The Article 29 Working Party, an advisory body comprised of European DPAs, will be meeting in Brussels on June 3-4, 2014, where they will discuss the Costeja decision and identify guidelines for its implementation.

As Deputy Commissioner and Director of Data Protection of the UK Information Commissioner’s Office, David Smith, noted in a blog post this week, “[t]he judgment might mark the end of a lengthy legal process, but it marks the beginning in terms of how a decision in Luxembourg affects the man in the street...”

Disclosure: Google is a client of Hunton & Williams