Your World of Legal Intelligence
 United Kingdom | +44 (0) 20 7284 8080

Control over Personal Data in a Digital Age: Google Spain v AEPD and Mario Costeja Gonzalez

Document Cited authorities 3 Cited in Related
Vincent
Published date01 May 2015
AuthorOrla Lynskey
DOIhttp://doi.org/10.1111/1468-2230.12126
Date01 May 2015
CASES
Control over Personal Data in a Digital Age: Google Spain
vAEPD and Mario Costeja Gonzalez
Orla Lynskey*
In the Google Spain judgment, the Grand Chamber of the EU Court of Justice determined the
circumstances in which a search engine is obliged to remove links to data pertaining to an
individual from the results displayed. The Court also considered the material and territorial scope
of the EU data protection rules. This note argues that the Court’s findings, which have been
heavily criticised, are normatively coherent. The broad scope of application of data protection
rules and the right of individuals to have their data deleted when certain conditions are fulfilled
both play a part in granting individuals effective control over their personal data – an objective of
EU data protection law.
INTRODUCTION
After almost two decades of obscurity, data protection law has been propelled
into the limelight in recent years. The reform of the EU data protection
regime proposed by the European Commission in 2012, the Snowden rev-
elations of 2013 and the first use of the EU Charter to annul an entire piece
of secondary legislation – the Data Retention Directive1– have all contributed
to the rise to prominence of this longstanding policy. The most recent data
protection development to attract widespread global attention has been the
judgment of the EU Court of Justice (the Court) in Google Spain SL, Google
Inc vAgencia Española de Protección de Datos and Mario Costeja González2(Google
Spain), discussed in this note.
In Google Spain the Court was asked to determine what obligations – if any –
EU data protection law imposes on search engines, in this instance Google,
vis-à-vis individuals who seek to suppress information relating to them which is
lawfully available online. The Court held that when a person is searched for by
name in Google’s search engine, Google is obliged to remove links to web pages
from the results its search engine displays if the processing of this data is
incompatible with the provisions of the Data Protection Directive (the Direc-
tive).3These links must be removed irrespective of whether the web pages
*Assistant Professor of Law, London School of Economics and Political Science.
1 Joined Cases C-293/12 and 594/12 Digital Rights Ireland ltd and Seitlinger and ors [2014] ECR I-238.
2 Case 131/12 Google Spain SL, Google Inc vAgencia Española de Protección de Datos and Mario Costeja
González [2014] ECR I-000 (nyr).
3 European Parliament and Council Directive 95/46/EC of 24 October 1995 on the protection of
individuals with regard to the processing of personal data and on the free movement of such data
[1995] OJ L281/23.
bs_bs_banner
© 2015 The Author. The Modern Law Review © 2015 The Modern Law Review Limited. (2015) 78(3) MLR 522–548
Published by John Wiley & Sons Ltd, 9600 Garsington Road, Oxford OX4 2DQ, UK and 350 Main Street, Malden, MA 02148, USA

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT