Criteria of the Right to be Forgotten in the search engines

Guidelines 05/2019 on criteria of the Right to be Forgotten in search engines

SECTION 1  THE GROUNDS OF THE RIGHT TO REQUEST DELISTING UNDER GDPR

13. The Right to request delisting as provided by Article 17 GDPR does not change the findings of the Costeja judgement, in which the CJEU held that a request for delisting was based on the Right to rectification/erasure and on the Right to object, pursuant to Article 12 and Article 14 of the Directive respectively.

14. Article 17.1 sets out a general principle to erase the data in the six following cases:

  • a. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Article 17.1.a);

  • b. the data subject withdraws consent on which the processing is based  (Article 17.1.b);

  • c. the data subject exercised his or her Right to objec tto processing of his or her personal data pursuant to Article 21.1 and 21.2 GDPR;

  • d. the personal data have been unlawfully processed (Article 17.1.d);

  • e. the erasure is compliant with a legal obligation (Article 17.1.e);

  • f. the personal data have been collected in relation to the offer of information society services to a minor (Article 17.1.f which refers to Article 8.1).

15. While all the grounds of Article 17 are theoretically applicable when it comes to delisting, in practice, some will be rarely or never used, such as in case of withdrawal of consent (see ground 2 below).

16. A data subject could however make a delisting request to a search engine provider based on more than one ground. For example, a data subject could request delisting because he or she considers it no longer necessary that his or her personal data are processed by the search engine (Article 17.1.a) andalso exercise his or her Right to object to the processing pursuant to Article 21.1 GDPR (Article 17.1.c).

17. In order for Supervisory Authorities to assess complaints regarding a search engine provider who hasrefused to erase aparticular search result pursuant to Article 17 GDPR, Supervisory Authorities should establish whether the content to which an URL is referring to should be delisted or not. They should thus, in their analysis of the substance of the complaint, take into account the nature of the content made available by the publishers of the third-party websites.

author avatar
Richard V

You may also like

Children Safety Encryption www.privacad.com
Apple’s New Step to Protect Child Abuse via Encryption Feature
20 August, 2021
DNA Technology and Privacy www.privacad.com
DNA Technology Regulation Bill and Violation of Privacy for Minority Groups
19 August, 2021
www.privacad.com
India accuses Twitter of not complying with new IT rules
18 August, 2021