Brussels, 25/06/2013 (Agence Europe) - Internet search engines are not responsible under the EU data protection directive for the personal information that appears on webpages they process, said European Court of Justice Advocate General Niilo Jääskinen on Tuesday 15 June in an opinion published on Tuesday 25 June in Case C-131/12 brought against US internet giant Google Inc. and its Spanish subsidiary Google Spain by the Spanish data protection agency AEPD.
Spain's national court had been asked by the two companies to quash a decision by the AEPD requiring them to delete all online search results for a court case in which an individual was identified several years after a court settlement in which his property had been auctioned off in order to pay social security debts. The Spanish court asked the European Court of Justice whether the data protection directive applied here (95/46/EC), or national legislation because the server providing the search information, Google Inc, is located outside Spain, and its subsidiary Google Spain only acts as a commercial representative for publicity and does not provide online searches using the personal information of its Spanish clients. The Spanish court also asked about Google's legal position as a service supplier and search engine, wondering whether Google could be held responsible for processing personal information under the EU directive; and whether there is a general right for information to be removed or the right to prevent personal information being provided by a search engine.
On the first point, the Advocate General recommends that the Court of Justice should rule that national data protection legislation applies to search engines like Google Inc when they set up subsidiaries in member states for promotion purposes or the sale of advertising if its business is aimed at residents of that country, even if the actual technical processing of information takes place elsewhere (in the United States in this case) because through a key word search, the two companies are connected. On the second point, he says that Google cannot be seen as responsible for the use made of personal information appearing on the web pages it provides and therefore can't be responsible for data protection. Providing a search engine does not give any powers to monitor what appears on other parties' websites and does not allow the search engine to distinguish between personal and non-personal information in the meaning of the EU directive. The AEPD therefore cannot require Google to remove information from its index. On the third point, the judge says that the EU directive does not provide a general right to be removed from the internet and therefore cannot be used against search engines, even though the directive complies with the European Union's Charter of Fundamental Rights. The rights to correct, remove and lock information provided by the directive covers information provided whose processing does not comply with the directive because it is wrong or incomplete, which doesn't apply in this case. He adds that the directive does not allow individuals to restrict or prevent the provision of personal information that an individual feels is damaging or against his interests.
Commenting on this opinion, the vice-chair of the European Parliament's legal affairs committee, Françoise Castex, said that the case showed how out-of-date EU legislation has become (the directive dates back to 1995). She said the new directive being discussed by the EP and ministers would give citizens more rights, including data portability and the right to be removed from the internet, but a decision on the regulation is constantly being postponed! (FG/transl.fl)