Banking and finance dispute resolution
For the latest news and comment on banking and finance disputes.
For the latest news and comment on banking and finance disputes.
For all the latest news and comment in clinical negligence healthcare law
This collection looks at the latest news and comment on commercial contracting healthcare law. With the health and social care sector under…
For all the latest news and comment in employment and pensions healthcare law
For all the latest legal and regulatory news and comment in health technology
This collection contains DAC B eachcroft's latest report, The Route to Integrated Healthcare , which provides the first practical examples of how…
This collection looks at the latest strategic, commercial, regulatory and negligence legal and advisory news and comment in health and social care. …
For all the latest news and comment on employment and pensions law.
DAC Beachcroft Dublin specialises in insurance, professional indemnity, defendant personal injury, health, commercial litigation and employment work.…
For all the latest new and comment in tax law.
The GC Collective collection offers insight and comment for General Counsels (GCs) and in-house legal teams.
For the latest news and comment on Corporate, M&A and Equity Capital Markets.
Analysis, commentary and checklists on the legal and governance implications of Brexit on businesses operating in, and trading with, the UK
The Accountant's Liability Collection brings you topical news and insight of interest to accountants, actuaries, trustees and other financial…
Events and online training for the health and social care sector.
DAC Beachcroft's LatAm Quarterly Newsletter discusses topical news and issues in Latin America
In response to client suggestions and requests, DAC Beachcroft's insurance sector flagship publication.
For all the latest legal and regulatory news and comment in health and social care integration
For all the latest news and comment in corporate regulatory healthcare law
Find advice, commentary and thought leadership on all aspects of Director's & Officer's Insurance; from contract formation through to complex…
This collection looks at the latest news, comment and development on the law affecting mental health services. The law affecting mental health…
Our market-leading Information Law team regularly publish articles and updates addressing the ever-evolving Information Law landscape.
This collection looks at our Safety, Health and Environment Team and the products and services they can provide. In the climate of increased…
The Insurance Act 2015 comes into force in August 2016 and will represent a significant change to insurance contract law in this country. This…
Legislative changes are bringing major changes to the Insurance landscape. This collection houses DAC Beachcroft's alerts on the pertinent issues.
For all the latest news and comment in clinical regulatory healthcare law
Organisations face ever-increasing expectations from Government, regulators, customers or service users, and other stakeholders, so scrutiny and…
For all the latest legal and regulatory news and comment in healthcare estates and facilities management
This collection addresses the full spectrum of cyber security and data risk management – the zeitgeist of our age.
We have acted for clients in the majority of significant product liability cases that have been decided in the UK over the last 35 years. Our product…
Considering the future landscapes of our cities
The European General Data Protection Regulation (GDPR) came into force on 25 May 2016. A rewrite of European data protection law, the GDPR imposes…
Considering the future of housing
For the latest news and comment on public procurement law.
Welcome to the Construction Risks collection. This space is used to report upon issues of interest to those who seek to allocate, manage and reduce…
Technology, brands and intellectual capital are key assets for any successful business. Our intellectual property (IP) team are experts at helping…
Considering the future of retail
The Insurance Market Conditions and Trends report is DAC Beachcroft's insurance sector flagship publication. Now in its tenth year, the report…
The Solicitors' Risk Collection addresses issues and developments affecting legal practitioners, and the professional indemnity insurers of legal…
Published On: 19 April 2016
The CJEU decision dated 13 May 2014 (the Google Spain case), required that upon a data subject’s valid request, operators of search engines should erase any data that appeared to be inadequate, irrelevant or excessive in relation to the purposes for which they have been processed. Following this decision, the French Data Protection Authority (the “CNIL”) issued a formal notice on 21 May 2015 requiring that Google Inc. proceeds with delisting on all of the search engine's domain names and not just the European ones.
On 10 March 2016 the CNIL issued Google Inc. with a fine of €100,000 (the "Fine"). The Fine was based on Articles 38 and 40 of the Law n° 78-17 of January 6th 1978 on Information Technology, Data Files and Civil Liberties (the “French Data Protection Act”) which provides data subjects with the rights to erasure and objection to the processing of their personal data (the "Decision").
The main points of the Decision, relate to the following:
1. CNIL’s territorial jurisdiction
Google Inc. argued that the CNIL does not have jurisdiction over search engines that are accessible through domain names that are not French (e.g. google.com) and which cannot be, as such, directly linked to its subsidiary Google France.
However, the CNIL considered that Google Search in its entirety constitutes a single data processing operation, regardless of the fact that the search results could be reached through various domain names. Therefore, considering that through its subsidiary Google France, which promotes and sells advertising space, Google Inc. participates in the data processing by virtue of its role as data controller, the CNIL found itself to have jurisdiction over this single data processing operation that concerns the personal data of French residents.
2. Efficiency of the delisting, freedom of expression and information
The CNIL stated that the right to privacy of French data subjects would not be efficiently protected if, despite the request to delist their data from the search results, they could still be easily accessed through the use of Google Search of any of its non-European domain names.
On 21 January 2016, Google suggested extending its delisting policy and restricting access to the delisted URL to all of its domain names with respect to searches carried out from the country where the delisting request was made, i.e. France. The CNIL considered such a solution to be insufficient and one which would be unable to provide adequate safeguards to the privacy rights of the French data subjects, as the results would still be accessible in other countries and access to the delisted contents could be possible by using tools such as VPN.
Finally, Google Inc.’s argument that a global delisting would disproportionally impede the freedom of expression and the right to information did not convince the CNIL who highlighted that delisting requirements were subject to a proportionality test.
It is also noted that the Decision is part of CNIL’s increasing activity with regards to its control activities and the application of sanctions; recently Optical Center was issued a fine of € 50,000 and Facebook has been served with a formal notice. The French Digital Republic Bill recently discussed, before the French Parliament, increasing CNIL’s powers and, in line with the GDPR, increasing the amounts of applicable sanctions.
To view the Decision, please click here.
Submitted by Thierry Dor (Partner) and Dane Rimsevica (Associate) of the IP/TMT department of Gide Loyrette Nouel - Paris, France