Posts Tagged Right to be forgotten
Of interest to data protection lawyers is Warby J’s excellent review of the test to be applied (particularly within the common law context of misuse of private information). Of interest to readers of this blog, is what is not yet part of the High Court’s ruling: the precise wording of the delisting order. Particularly: defendant is Google LLC, a US-based company. Will the eventual delisting order in the one case in which it was granted, include worldwide wording? For our discussion of relevant case-law worldwide, see here.
Update 3 April 2018 Recently, the so-called “CLOUD Act” was passed by Congress and signed into law. This new law amends the Stored Communications Act to give it a potentially extraterritorial reach. Following this development, the U.S. Government has moved to have the Microsoft case dismissed as moot, and to have the Second Circuit’s decision vacated. [Technically, Congress has enacted, and the President has signed,
the Consolidated Appropriations Act, 2018, H.R. 1625, 115th Cong., 2d Sess. (2018). Division V of that Act is called the Clarifying Lawful Overseas Use of Data Act, or the CLOUD Act. TheCLOUD Act amends the Stored Communications Act, 18 U.S.C. 2701-2712, by adding 18 U.S.C. 2713, which now states:
A provider of electronic communication service or remote computing service shall
comply with the obligations of this chapter to preserve, backup, or disclose the contents
of a wire or electronic communication and any record or other information pertaining to a customer or subscriber within such provider’s possession, custody, or control, regardless of whether such communication, record, or other information is located within or outside of the United States.]
For background to the Microsoft Ireland case under the Stored Communications Act (SCA), see here. The issue is essentially whether the US Justice Department may force Microsoft to grant access to e-mails stored on Irish servers.
With a group of EU data protection and conflicts lawyers, we have filed an amicus curiae brief in the case at the United States Supreme Court last week, arguing that the Court should interpret the SCA to apply only to data stored within the United States, leaving to Congress the decision whether and under what circumstances to authorize the collection of data stored in other countries.
There is not much point in me rehashing the arguments here: happy reading.
Right to be forgotten v Right to know. In Townsend v Google Inc and Google UK the Northern Irish High Court emphasises public interest in open justice.
In  NIQB 81 Townsend v Google Inc. & Anor the Northern Ireland High Court refused service our of jurisdiction in relation to a request for Google (UK and Inc.) to de-list a number of urls relating to reports on sexual and other criminal offences committed by plaintiff.
Plaintiff seeks an injunction inter alia requiring the defendants and each of them to withdraw and remove personal data relating to the plaintiff, making reference to or tending to reveal sexual offences committed by the plaintiff while a child, from their data processing and indexing systems and to prevent access to such personal data in the future. The Court references ia Vidal-Hall and Google Spain. I will leave readers to digest the ruling largely for themselves for there is a lot in there: consideration of Article 8 ECHR; Directive 95/46; aforementioned precedent; tort law etc.
Of particular note is Stephens J’s finding at 61 that ‘(t)here is a clear public interest in open justice. There is a clear right to freedom of expression. In such circumstances the processing was not unwarranted and that there is no triable issue in relation to any allegation that Google Inc. has not satisfied this condition.’
A judgment to add to the growing pile of internet, jurisdiction and balancing of interests in privacy considerations.
Twitter injunctions – Twinjunctions if you like, rather like Facebook or Google Removal orders, provide classic scenarios for the consideration of the territorial scope of injunctive and enforcement proceedings. Michael Douglas has great review of  NSWSC 1300 X v Twitter. [P.s. 27 November: Michael has more analysis here]. On 28 September 2017, the Supreme Court of New South Wales awarded its final injunction with global reach, directed towards Twitter Inc (based at CAL) and its Irish counterpart, Twitter International Company.
Now, what is refreshing about Pembroke J’s review of the issues is his non-doctrinal analysis of the issue of jurisdiction. He emphasises that there is a long history of courts of equity making in personam orders that are intended to operate extra-territorially (the Court’s jurisdiction is one in equity); (at 40) that Twitter unlike other defendants may disagree with the ruling but will not seek to avoid its social responsibility; that there is a public interest in issuing the worldwide order (and in enforcing it: Pembroke J flags that there are Australia-based assets against which enforcement may be sought); and that given his experience with Twitter, it can be expected to use its best endeavours to give effect to the proposed orders, despite its objection that it is not feasible to pro-actively monitor user content.
Eventually of course the trouble with such an assessment, without consideration of wider issues of public and private international law, is that the issuing, or not, of orders of this kind by the courts, depends on the defendant’s attitude towards compliance. That is hardly a solution serving equal access to the law or indeed equity.
Update 8 November 2017 thank you Dan Svantesson for alerting me to Google seeking preliminary injuntive relief against the order’s enforement in the US. relief which, update 5 February 2018, was granted.
Thank you Stephen Pittel for alerting me to 2017 SCC 34 Google Inc. v Equustek Solutions Inc. – alternative review ia here, and apologies for my late reporting: the case came to my attention late June. I have of course posted before on various aspects of worldwide removal and other orders, particularly in the context of the EU’s ‘right to be forgotten’.
Equustek sued Datalink for various intellectual property violations and found alleged insufficient co-operation from Google in making it difficult for users to come across Datalink’s offerings. Google seemingly did not resist jurisdiction, but did resist the injunction and any ex-Canada effect of same.
The majority in the case however essentially applied an effet utile consideration: if as it found it did, it has in personam jurisdiction over defendant, an extraterritorial reach is not problematic if that is the only way to make the order effective. An order limited to searches or websites in Canada would not have addressed the harm: see Stephen’s verbatim comment (referring to para 38 of the judgment). Google was ordered to de-index globally.
Dissenting opinions suggested Datalink could be sued in France, too, however this I suppose does not address the effet utile consideration of the majority.
Update 23 May 2017 the Case is C-136/17 and the relevant dossier (partially in Dutch) is here, on the unparalleled website of the Dutch foreign ministry. Update 1 February 2018 for a recent English case see  EWHC 137 (QB) ABC v Google. Order to block access was denied for no permisison to serve out of jurisdiction had been sought (Google been incorporated in Delaware.
Many thanks to KU Leuven law student Dzsenifer Orosz (she is writing a paper on the issues for one of my conflict of laws courses) for alerting me to the French Conseil D’Etat having referred ‘right to be forgotten’ issues to the European Court of Justice. I have of course on occasion reported the application of data protection laws /privacy issues on this blog (try ‘Google’ as a search on the blog’s search function). I also have a paper out on the case against applying the right to be forgotten to the .com domain, and with co-authors, one where we catalogue the application of RTBF until December 2016. See also my post on the Koln courts refusing application to .com.
The Conseil d’Etat has referred one or two specific Qs but also, just to be sure, has also asked the Court of Justice for general insight into how data protection laws apply to the internet. The Court is unlikely to offer such tutorial (not that it would not be useful). However any Advocate General’s opinion of course will offer 360 insight.
One to look forward to.