TY - JOUR
T1 - Google LLC v. Commission nationale de l'informatique et des libertés (CNIL)
AU - Zalnieriute, Monika
PY - 2020/4
Y1 - 2020/4
N2 - In Google LLC v. Commission nationale de l'informatique et des libertés (CNIL), the Court of Justice of the European Union (CJEU or Court) held that the EU law only requires valid “right to be forgotten” de-referencing requests to be carried out by a search engine operator on search engine versions accessible in EU member states, as opposed to all versions of its search engine worldwide. While the ruling has been perceived as a “win” for Google and other interveners, such as Microsoft and the Wikimedia Foundation, who argued against worldwide de-referencing, the Court also made clear that that while the EU law does not currently require worldwide de-referencing, “it also does not prohibit such a practice” (para. 72). As a result, the CJEU found that an order by a national supervisory or judicial authority of an EU member state requiring worldwide de-referencing in accordance with its own national data protection laws would not be inconsistent with EU law where the data subject's right to privacy is adequately balanced against the right to freedom of information. By leaving the door to extraterritorial de-referencing wide open, the CJEU continues to pursue its post-Snowden hard-line stance on data privacy in a manner that is likely to transform the data privacy landscape.
AB - In Google LLC v. Commission nationale de l'informatique et des libertés (CNIL), the Court of Justice of the European Union (CJEU or Court) held that the EU law only requires valid “right to be forgotten” de-referencing requests to be carried out by a search engine operator on search engine versions accessible in EU member states, as opposed to all versions of its search engine worldwide. While the ruling has been perceived as a “win” for Google and other interveners, such as Microsoft and the Wikimedia Foundation, who argued against worldwide de-referencing, the Court also made clear that that while the EU law does not currently require worldwide de-referencing, “it also does not prohibit such a practice” (para. 72). As a result, the CJEU found that an order by a national supervisory or judicial authority of an EU member state requiring worldwide de-referencing in accordance with its own national data protection laws would not be inconsistent with EU law where the data subject's right to privacy is adequately balanced against the right to freedom of information. By leaving the door to extraterritorial de-referencing wide open, the CJEU continues to pursue its post-Snowden hard-line stance on data privacy in a manner that is likely to transform the data privacy landscape.
UR - http://www.scopus.com/inward/record.url?scp=85084298260&partnerID=8YFLogxK
UR - https://doi.org/10.2139/ssrn.3516337
U2 - 10.1017/ajil.2020.5
DO - 10.1017/ajil.2020.5
M3 - Article
SN - 0002-9300
VL - 114
SP - 261
EP - 267
JO - American Journal of International Law
JF - American Journal of International Law
IS - 2
ER -