Is the Internet willing to forget, after all?

Published: 4 April 2018

As a result of a case in Spain, since 2014 the “right to be forgotten” has enabled anyone to request removal of their data from providers such as Google. Under the right to be forgotten, users can request the companies operating the various search engines to remove from the search results certain data and information that concern them. According to the latest report by Google, European users have requested it to remove over 2.4 million URLs in the past four years. The new European General Data Protection Regulation also states the right to be forgotten as a basic principle.

What can you do if you come across information on the Internet that contains your name and is untrue, was never true or no longer applies, and is inconvenient for you? Your past mistakes and faults showing up in the search results may make it much more difficult for you to find a job and it may cause other serious disadvantages in your life. The right to erasure, also known as the “right to be forgotten” became a topical issue in 2010 when a Spanish citizen sought help from the local data protection agency. He complained that an announcement about a past unpaid social security debt continued to be available on the Internet even after he had paid that sum. The complainant wanted the publisher of the announcement, an online portal, to delete the article or to modify it by removing his personal data. His other objective was to get Google to also delete his personal data so that these no longer appeared in the search results.

Google grants almost one in two requests

The Spanish agency took the case to the Court of Justice of the European Union, which adopted its decision in May 2014 declaring that private individuals had the right to request companies that operate search engines (e.g. Google, Bing (Microsoft) and Yahoo) to remove certain search results pertaining to them. According to its recent report, Google has received a total of 655,786 requests for removal since 2014, in which users asked it to remove more than 2.4 million URLs (web addresses). Google will delete offending content that includes the requestor’s name if it is “not appropriate, not or no longer relevant, or exaggerated”. Based on these criteria, the company granted 43.8 percent of the requests received, removing the offending search results. The largest number of requests for removing URL’s were received from France (483,000), Germany (408,000) and the United Kingdom (305,000); users from Hungary requested the removal of only 20,727 URL addresses.

An expert team set up by Google evaluates each request individually and if the case is not clear enough, it will request the requestor to provide further information. They act in person throughout the entire decision-making process, without any automation. The main question is whether to give precedence to the protection of personal data or to the publication of data in the public interest and the freedom of expression. The ultimate goal with all requests is to safeguard the legal certainty of citizens.

33 percent of the URLs in the requests for removal concerned content in social media or lists of links containing personal information of the requestor, while 20 percent concerned the legal and/or criminal past of the requestor. Google also gives some practical examples in its report: for instance, it received a request from Hungary in which a high-ranking public official requested the top search engine provider to remove some recently published articles about his criminal sentence decades earlier. Google rejected this request. In a complaint from Germany, a rape victim requested the removal of links to a newspaper article about the crime, and Google granted the request by removing the page from the search results under this person’s name.

Google-infografika: A fejeltés joga, avagy URL-eltávolítási kérelmek 2014–2017 között

Image source:

The GDPR may mean regulated forgetting

The right to be forgotten is on the agenda today as the new European General Data Protection Regulation (GDPR), which is to enter into force on 25 May, also discusses it in detail. The GDPR applies to all companies that manage personal data in any way and defines precisely when a company must delete such data. One example is when data subjects revoke their consent to the management of their data and such data management has no other legal grounds. Data must also be deleted when they are no longer needed for the purpose they were collected for originally.

If you would like to request Google to remove some data, you can access the relevant form here: