French privacy regulator fines Google for not removing RTBF links outside of Europe
CNIL in France refuses to compromise on demand that Google remove all Right to Be Forgotten content from its entire index.
The French privacy authority, the Commission Nationale de l’informatique et des Libertés (CNIL), has taken an extreme and potentially dangerous position that unwittingly supports internet censorship.
CNIL, and others in Europe, have repeatedly demanded that links expunged from the search index under Europe’s “Right to Be Forgotten” law (RTBF) be removed from all of Google’s indexes globally.
The position is based on the notion that individual country domain removals can be circumvented by going to Google.com. Google has resisted removing RTBF content on a global basis on the grounds that it represents regulatory overreach and that citizens of other countries should not be subject to French or European law.
Previously, Google said that it would limit RTBF to European users:
We’ve been working hard to strike the right balance in implementing the European Court’s ruling, co-operating closely with data protection authorities. The ruling focused on services directed to European users, and that’s the approach we are taking in complying with it.
This has not satisfied CNIL.
Google has recently tried to more aggressively police access to disputed RTBF content by making it inaccessible globally for all European users, but not to users outside of the jurisdictions where RTBF applies. In other words, no user within Europe would be able to access RTBF-removed links — period. The links would still be available to searchers in Japan or Canada, for example. In this compromise, Google has sought to comply with CNIL’s demand without imposing French or European law on the rest of the world.
Despite these efforts, French authorities fined Google $112,000 today for failing to remove RTBF links from the entire search index globally. The New York Times quotes French regulators, who argued that European privacy rules could only be effectively implemented if they have global reach:
“For people residing in France to effectively exercise their right to be delisted, it must be applied to the entire processing operation, i.e., to all of the search engine’s extensions” . . . CNIL said in a statement.
Google has said it will appeal.
Beyond the fact that European regulators and courts have no jurisdiction over non-Europeans outside Europe, CNIL’s unwillingness to compromise seems to ignore potentially larger issues and unintended consequences. Emboldened by European positions on global link/content removal, countries such as China, Russia, Saudi Arabia or Pakistan could pass laws that ask for the same type of content removal — but of content that’s politically unpalatable or disagreeable in some way.
It’s not the substantive law that should be the focus of this debate, but the attempt to expand jurisdiction and control to the entire globe. Indeed, it’s not much of a leap from the seemingly legitimate French attempt to protect its citizens’ privacy to more obvious censorship in the form of China asking Google to globally remove content about the Tiananmen Square massacre (because it’s unfair to Chinese citizens somehow). Russia could ask Google to remove content critical of the Russian government, as subversive and destabilizing of the regime. Saudi Arabia or Pakistan might seek global removal of any content critical of Islam or the Prophet Muhammad.
These examples in principle are not distinguishable legally from what the French are trying to do. And by refusing to compromise, CNIL and others in Europe are unwittingly paving the way for these types of demands from self-interested or corrupt governments that might attempt to more nakedly censor the internet.