Google Inc. has been in touch with data-protection regulators about a European Union court ruling last week that may require it to remove personal information from search results.
Regulators in both Germany and Ireland said they had spoken with Google about the verdict, which gave European residents a “right to be forgotten” online. Google said that the company would release an online tool to remove personal information, Arne Gerhard, a spokesman for privacy officials in Hamburg, Germany, said in a phone interview.
The ruling by the EU Court of Justice opens the way for European users to flood Internet firms with takedown requests, adding costs and time to what they already do in content removal. Google, and other search engines, will have to make the first decision about whether to remove links that may infringe privacy rights before regulators or courts intervene.
“That’s the first step everybody has to take who thinks personal information is displayed on Google that shouldn’t be there -- ask Google to remove it,” Gerhard said.
Al Verney, a spokesman for Google in Brussels, declined to comment. The Mountain View, California-based company said last week that takedown requests are complicated and it might take several weeks to determine how the process will work.
The EU “court didn’t provide much guidance” on how Google should apply its ruling, said Orla Lynskey, a law lecturer at the London School of Economics. “Google needs to ascertain whether the indexing of an individual’s personal data is incompatible with the EU data protection rules” and must “determine whether particular personal information is in the public interest.”
Data Protection Meeting
Privacy regulators from the EU’s 28 countries will discuss in June how the ruling can be enforced, the head of the French watchdog, Isabelle Falque-Pierrotin, said this week.
Google has also been in contact with the Irish Data Protection Commissioner’s Office to discuss the ruling’s implications, Ciara O’Sullivan, a spokeswoman for the regulator, said in an e-mail. The agency has received about 20 queries since the court ruling last week, she said.
Gerhard said Hamburg had received several requests, including about 10 on May 20. Johannes Caspar, the Hamburg data regulator, also said the agency had been in touch with Google.
Regulators usually take charge of compliance for U.S. companies that have European headquarters in their countries, which sees Ireland take charge of Internet firms such as LinkedIn Corp. and Facebook Inc. that are based there. The French agency, known as CNIL, took a lead role last year in a separate review of Google’s privacy policies.
The French authority has received complaints citing the court ruling, it said this week, declining to say how many it got.
The U.K.’s ICO declined to comment on how many requests it had received over removing personal information, saying it is referring all inquiries to Google.