Google EU Ruling: ‘Right To Be Forgotten’ Decision Underscores Differences In US, Europe Data Privacy Laws

Google’s simple white interface may look the same from country to country, but in Europe some of its search results are going to be literally lost in translation.

In a decision that could prove to be a major thorn in the side of the world’s biggest tech companies, the European Union Court of Justice on Tuesday ruled that individuals may ask Google Inc. (NASDAQ:GOOG) to remove links to Web pages that contain information about themselves, even if that information is legal and accurate.

A decision like this wouldn’t happen in the U.S., where Google, as a search engine, simply provides links to information that is already publicly available on the Internet. It is a messenger of digital data, and the First Amendment protects its right to act as such.

But the 28 member countries of the European Union play by a different set of rules. In Europe, Google can’t count on the blanket support of First Amendment rights to trump those of Internet users who don’t like what’s being posted about them. Rather, court officials there have been taking pains to balance the interests of each party separately, ultimately deciding that Internet users, in some cases, have a “right to be forgotten” if information about them becomes outdated or irrelevant.

The hugely contentious decision stemmed from a 2009 case in which the Spanish newspaper La Vanguardia had posted information about a lawyer’s debt troubles. The lawyer, Mario Costeja, argued that the information, dating to 1998, should be removed, as his debt problems have since been resolved. In an unusual move, Spanish officials ordered Google to remove the links but allowed the original information to remain on the newspaper’s website.

On Tuesday, the EU essentially said that it agreed with that decision, allowing the case to set a precedent for blocking search engine access to public information while leaving the host untouched. “It’s an incredibly big deal,” Jeff Hermes, director of the Digital Media Law Project at Harvard University, said. “Search engines are still important as an index to the Internet. It’s like if you tucked information into a book in the library and then removed the card catalog, to use a very 20th century analogy.”

The Internet may connect people all around the world, but laws governing how data can be used and shared are anything but connected. Over the past few decades, data privacy laws have evolved quite differently on the two sides of the Atlantic, and Tuesday’s ruling appears to be the strongest affirmation of that yet. At the same time, tech companies on both sides of the Atlantic operate under laws crafted during the very early days of the Internet.

In making its decision on Tuesday, the European Union cited Europe’s 1995 Data Protection Directive, a sweeping directive concerning the processing of user data. Under the law, individuals may require “controllers of data” -- which Google was determined to be -- to demand the erasure of information in some situations, particularly if that information is outdated or inaccurate.

“What they did here was say the interests of the publisher of the information are distinct from the interests of the search engine operator, suggesting that the balance can come out differently depending on whether the data subject’s rights trump those of either the publisher or the search engine,” Hermes said.

In the United States, conversely, websites are protected by Section 230 of the Communications Decency Act of 1996, which states that tech companies can’t be held liable for content posted by third parties. It’s a precept that has shielded virtually every user-generated Internet company, from Yelp Inc. (NYSE:YELP) to Facebook Inc. (NASDAQ:FB), which couldn't operate without the legal ability to separate themselves from the content provided by their users.

Writing in the Berkeley Journal of International Law in 2012, law professor Steven C. Bennett detailed some of the hurdles presented by attempts to reconcile EU and U.S. perspectives with regard to data privacy and Internet law. “To some degree, those differences remain unresolved,” Bennett wrote. “The European Union generally adheres to a high degree of government involvement in protection of this fundamental right. U.S. privacy law has, by contrast, largely developed in a patchwork, with a reactive array of state and federal statutes and common law doctrines. The United States, moreover, has traditionally emphasized freedom of expression over privacy, as a fundamental value.”

Tuesday’s ruling came from the highest court in Europe, meaning Google can’t appeal it. The company has issued a statement, saying it is “disappointed” by the decision and still weighing what it will mean “for search engines and online publishers in general.” With the potential for countless “right to be forgotten” requests being lodged in its direction, the decision could be a significant detriment, to say the least. “I think it will be a huge operational burden if they’re required to comply with these procedures as laid out in this opinion,” Hermes said. “It’s going to cause tremendous difficulty for them to operate as a neutral and unbiased search engine.”

Got a news tip? Email me. Follow me on Twitter @christopherzara.