Forget About It? Harmonizing European and American Protections for Privacy, Free Speech, and Due Process
Privacy and Power (Cambridge University Press 2017)
21 Pages Posted: 22 Jun 2017 Last revised: 15 Jul 2017
Date Written: November 1, 2015
In May 2014, the Court of Justice of the European Union issued its the now-famous “right to be forgotten” decision, in which the Court ruled that a search engine operator like Google must, upon request from a data subject, remove links that result from searches for an individual’s name when those results are “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes . . . carried out by the operator of the search engine.” Google has implemented the Google Spain decision by removing links only within its European domains (such as Google.es or Google.de). But data subjects have recently argued that these privacy protections also should apply to a search engine’s domains worldwide—to all of Google.com for example. To date, European authorities have agreed that these privacy protections should be implemented globally. Further, the Article 29 Data Protection Working Party—composed of all the data protection authorities in the European Union—has determined that these privacy protections should be implemented globally and not just on EU domains. Many U.S. commentators responded to the Google Spain decision by claiming that it was patently inconsistent with the First Amendment’s free speech guarantee and could not withstand constitutional scrutiny in the United States. These commentators contend that if the U.S. passed a law granting individuals the right to demand that search engines remove links to web sites containing embarrassing, harmful, or offensive personal information about them, such a law would violate the First Amendment. These commentators are only partly correct. They fail to recognize the long history within the United States of protecting individuals’ privacy rights—protections that have been rendered compatible with First Amendment freedoms. Contrary to these commentators’ assertions, the First Amendment does not grant the public an absolute right of access to information about other private individuals on matters that are not of public importance. The free speech guarantee does not provide absolute protection for the free flow of information where the content at issue embodies harmful, offensive, or embarrassing information about matters not of public importance. Providing individuals with the right to have links to such information about them removed from search engine results is therefore not necessarily inconsistent with substantive First Amendment freedoms.
The privacy protections recognized in the Google Spain decision are not necessarily incompatible with the substantive protections provided by U.S. free speech law and the balance U.S. courts have struck over time between privacy and free speech. Yet, as implemented, these privacy protections fail to comport with the procedural protections required under the U.S. Constitution. The U.S. Constitution requires that “sensitive tools” be used to distinguish between protected speech and unprotected speech. In particular, the party whose speech is being censored must be provided with notice and an opportunity to be heard by an impartial decision-maker before such censorship occurs. Under the Google Spain decision, search engine operators like Google are required to remove links to information about a data subject without affording the publisher or content provider notice or an opportunity to be heard before such a removal decision is implemented. The European “right to be forgotten,” as it is currently implemented, is inconsistent with the procedural safeguards for speech required under the United States Constitution.
Keywords: right to be forgotten, Google Spain, right to privacy, First Amendment
Suggested Citation: Suggested Citation