Criteria of the Right to be Forgotten in the search engines

Guidelines 05/2019 on criteria of the Right to be Forgotten in search engines

1.1 Ground 1: The Right to request delisting when the personal data are no longernecessary in relation to the search engine provider’s processing (Article 17.1.a)

18. According to Article 17.1.a GDPR, a data subject may request a search engine provider, following a search carried out as a general rule on the basis of his or her name, to delist content from its search results, where the data subject’s personal data returned in those search results are no longer necessary in relation to the purposes of the processing by the search engine.

19. This provision enables a data subject to request the delisting of personal information concerning him or her that have been made accessible for longer than it is necessary for the search engine provider’s processing. Yet, this processing is notably carried out for the purposes of making information more easily accessible for internet users. Within the context of the Right to request delisting, the balance between the protection of privacy and the interests of Internet users in accessing the information mustbe undertaken. In particular, it must be assessed whether or not, over the course of time, the personal data have become out-of-date or have not been updated.

20. For example, a data subject may exercise his or her Right to request delisting pursuant to Article 17.1.a when:

  • information about him or her held by a company has been removed from the public register;

  • a link to a firm’s website contains his or her contact details although he or she is no longer working in that firm;

  • information has to be published on the Internet for a number of years to meet a legal obligation and remained online longer than the time limit specified by the legislation.

21. As demonstrated by the examples, a data subject may notably request the delisting of a content where the personal information are obviously inaccurate due to the course of time, or outdated. Such an assessment will incidentally be dependent on the purposes of the original processing. Consequently, the original retention periods of personal data, when available, should also be considered by Supervisory Authorities when they conduct their analysis of delisting requests pursuant to Article 17.1.a GDPR.

author avatar
Richard V

You may also like

Children Safety Encryption www.privacad.com
Apple’s New Step to Protect Child Abuse via Encryption Feature
20 August, 2021
DNA Technology and Privacy www.privacad.com
DNA Technology Regulation Bill and Violation of Privacy for Minority Groups
19 August, 2021
www.privacad.com
India accuses Twitter of not complying with new IT rules
18 August, 2021