The judgment of the Court of Justice of European Union (CJEU) of 13 May 2014 Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González (C-131/12) sets a milestone for EU data protection in respect of search engines and, more generally, in the online world.
It grants the possibility to data subjects to request to search engines, under certain conditions, the delisting of links appearing in the search results based on a person’s name.
On Wednesday 26 November, the European data protection authorities assembled in the Article 29 Working Party (WP29) have adopted guidelines on the implementation of the CJEU’s judgment. These guidelines contain the common interpretation of the ruling as well as the common criteria to be used by the data
protection authorities when addressing complaints.
Google has agreed to about 40 percent of the requested URL removals that it has received in the months since the European Union's Court of Justice issued its ruling that empowered citizens of the EU to have search results unlinked from their names online.
Google doesn't delete any content from its search records archives completely. It simply breaks the links between searches on an individual's name and the offending results. That gives complainants the opportunity to use Google to shape their online identity while leaving the content behind those search results intact. According to the new data, Google has removed some 227,000 of those connections since it began, reluctantly, enforcing the ruling.
Today, on 19 July 2016, the Advocate General Henrik Saugmandsgaard Øe of the Court of Justice of the European Union issued an Opinion on a case Tele2 Sverige AB v Post- och telestyrelsen (C-203/15) that deals with data retention obligations that were imposed by law on a Swedish telecom provider.
The Court was asked a set of questions related to the respect of European Union law, in the context of the data retention laws in Sweden and the UK. In the Opinion issued today, the AG re-stated principles that were previously established in the Digital Rights Ireland case. He also provided extensive further analysis of the legal context that national courts need to consider when they “rigorously verify that no other measure or combination of measures” can be as effective as the national data retention regime being proposed.
On 8 September 2016, the Advocate General of the Court of Justice of the European Union gave his Opinion confirming that the agreement between EU and Canada to share Passenger Name Records data is not fully in compliance with European law. The EU-Canada agreement is the least restrictive PNR agreement that the EU has so far adopted.