European regulators tried to force Google to obey “right to be forgotten” directives globally, but in the end, ruled that the search giant only has to delist requested results in European territories. This means that if a European citizen requests that a page be taken down because it contains sensitive or defamatory information about them, Google must delist the result on its European server, but not on any others. Naturally, that in turn means that such results are still viewable via a VPN from within Europe, so long as it’s set to another country, and people outside of Europe can still see such results.
The case in point hinged on a 100,000 Euro fine, and Google’s legal team fought hard to knock it down. This case is a real precedent-setter, and may have larger implications for Europe’s Global Data Protection Regulation, a law that went into effect and has proven to be bothersome and potentially dangerous to many cornerstones of the modern internet.
The regulations were drafted up in the EU back in 2016, and demanded that all personalized data, and even some types of anonymized and aggregated data, get most of the same protections that sensitive data like social security numbers and addresses have enjoyed in the past.
This set of laws calls for explicit consent for most types of usage, among other protections, and affects just about any company that either operates in Europe or possesses any data whatsoever on any European citizen. This means that almost all companies that operate on the global web in any form, or are contracted to handle data and have a chance of running across that of a European citizen, were forced to change their processes in major ways to come into compliance.
The laws ended up having a knock-on effect in many areas, including copyright, and of course Europe’s “right to be forgotten” regulations. With this case essentially limiting Google’s responsibility as far as “right to be forgotten” to Europe, even with the inclusion of GDPR protections, it’s possible that other companies may look to this case if they have any hangups with GDPR compliance, or have any GDPR complaints filed against them.
Though this case could be considered a win for internet companies, the United States is considering passing a set of laws that are said to be similar to the GDPR in the near future. Should that happen, the great many global tech firms that are headquartered in the States could find themselves forced to implement stricter data protection practices across the board.
Given the dearth of recent data breaches all through the web and tech industry, it’s not hard to understand the recent fervor over data protection and privacy laws. Companies like Google and Facebook, which thrive on user data, will be the most impacted, but just about all stewards of personal data could be facing heavy fines in the very near future if they fail to come into compliance with applicable laws, including those laws’ effects on other regulations and related facets of business.