In recent guidelines issued by European regulators implementing the “right to be forgotten” in search engine results, the regulators assert that the so-called right to be forgotten applies to all domains worldwide, including search results on the .com domain. By requiring delisting of search results across all domains, European regulators are potentially establishing themselves as a sort of global online reputation police for Europeans around the world.
The Right to Be Forgotten
Under EU law, the right to be forgotten gives individual Europeans the right to request the deletion of links that appear when that individual’s name is searched. The reasoning behind this right is that the search engine’s processing enables anyone to obtain a structured overview of a person’s life that would otherwise not have been interconnected or could only be found with great difficulty. A May 2014 ruling by the European Court of Justice upheld this right, stating that search engines must, at a user’s request, delete links from search results that violate the user’s privacy and data-protection rights where there is not an overriding public interest for access to the information.
The recently issued guidelines that implement the May 2014 decision state that any delisting of search results under the right to be forgotten must be effective on all domains of the search engine, including the .com domain in the United States. Regulators state that this global reach is necessary to guarantee the protection of the affected individual and to avoid circumvention of the law, given the ease of switching between national domains by users of search engines. The guidelines further state that under EU law, everyone possesses rights to data protection, but in practice, enforcement will focus on claims with a “clear link” between the individual and the EU, such as citizens or residents of EU member states.
Potential Consequences for U.S. Website Operators
While search engine companies in the EU are more definitively subject to the jurisdiction of EU data protection law, it is still unclear how far the reach of the right to be forgotten extends to other Internet service operators, particularly those located outside the EU. Under a strict construction, the rules could apply to U.S. website operators because the rules are not strictly limited to search engines but apply to all services that process personal data. For now, the prudent approach is that U.S. companies with an EU presence should follow this very closely to make sure that the functionality of their websites can scale with the EU requirements.
Of course, attempts by European regulators to effectively censor the U.S. Internet through search engine operators is likely to conflict with U.S. protections applicable to online speech (the First Amendment, for example). This blog will follow any new developments on this issue closely.