Document Actions

No section

Oblivion, Erasure and Forgetting in the Digital Age

  1. Aurelia Tamò
  2. Damian George


In light of the recent European Court of Justice ruling (ECJ C-131/12, Google Spain v Spanish Data Protection Agency),the “right to be forgotten” has once again gained worldwide media attention. Already in 2012, whenthe European Commission proposed aright to be forgotten,this proposal received broad public interest and was debated intensively. Under certain conditions, individuals should thereby be able todelete personal data concerning them. More recently – in light of the European Parliament’s approval of the LIBE Committee’samendments onMarch 14, 2014 – the concept seems tobe close to its final form.Although it remains, for the most part,unchanged from the previously circulated drafts, it has beenre-labelled as a“right of erasure”. This article argues that, despite its catchy terminology, the right to be forgotten can be understood as a generic term, bringing together existing legal provisions: the substantial right of oblivion and the rather procedural right to erasure derived from data protection. Hereinafter, the article presents an analysis of selected national legal frameworks and corresponding case law, accounting for data protection, privacy, and general tort law as well as defamation law. This comparative analysis grasps the practical challenges which the attempt to strengthen individual control and informational self-determination faces. Consequently, it is argued that narrowing the focus on the data protection law amendments neglects the elaborate balancing of conflicting interests in European legal tradition. It is shown thatthe attemptto implement oblivion, erasure and forgetting in the digital age is a complex undertaking.


A. Introduction

Every individual has experienced episodes in his life he enjoys remembering (and having others remember), and others that he would like to forget (or have others forget).As individuals increasingly make frequent public use of the Internet, usershave become aware of the potential harm persistent information can cause when stored on the eternal memory of the Internet.Considering that digital abstinence is not an option, users are expressing an increased fear of being haunted by their digital past.  [1]


The European Commission (EC) claims to have recognized the problem and recently proposed a “right to be forgotten and erasure” as part of the revision of the 1995 European Data Protection Directive  [2] (Directive 95/46/EC) principles. In light of the increased online activities and opaque privacy policies of web services, the EC wants to strengthen the control and digital rights of individuals. Therefore, users should be given the right to have their data fully removed.  [3]


Legal scholars in Europe and the US have debated the implications of an online right to be forgotten. The first comprehensive approach in this regard was taken by Mayer-Schönberger in his oeuvre “Delete”.  [4] The concept of deletion has since been central to the academic debate, which focuses on the legal, philosophical and sociological foundations as well as potential implications of a policy response.


In this article we approach the topic at hand from a European legal tradition perspective, leaving aside the US-American concepts in this respect. Nevertheless it should be mentioned briefly that the US has been rather critical of the concept of the right to be forgotten.  [5] In particular the implementation of the so-called “Eraser Law” (SB 568, California Business & Professions Code Sec. 22581) in California was controversially discussed in the media.  [6]


The focus of this article lies on interactions among private parties, omitting conflicts arising out of government activities. We will elaborate throughout this article that one should not restrict the debate to the legal provisions but must simultaneously draw insights from the elaborated case law. We will support this approach by showing that European Member States have dealt with questions relating to oblivion and erasure in the age of online activities and interactions by continually balancing the conflicting interests according to long-established norms and concepts.

B. Oblivion, Erasure and Forgetting – Understanding the Concepts Behind the Terminologies

I Privacy Protection in Europe

Before discussing new approaches for protecting the individual’s privacy with data protection tools, we shall briefly put data and privacy protection into context.


The term “data protection” might be misleading since the protected good is not the data itself but the data subject’s fundamental privacy rights.  [7] While the protection of privacy, and the individual’s right to personality in particular, have long been discussed and contested in national legislations in Europe,data protection laws have been evolving only since the second half of the twentieth century.  [8] Unlike mechanisms that protect personality, which are mostly used retroactively (ex post), data protection tries predominantly to guarantee the protection in advance (ex ante) by considering the processing of data as privacy infringing “by default” and thereforemaking processors adhere to data quality principles. In other words,data protection law

has introduced the default rule that the handling of personal data is per se an intrusion unless guiding principles were followed like the purpose limitation principle, the fairness principle and other safeguards like a right of access to one’s own data.  [9]

In the European Union, the processing of personal data must not only fulfil the guiding principles of data quality as provided for in Art. 6 Directive 95/46/EC but must also be legitimate. The criteria for making data processing legitimate are listed in Art. 7 Directive 95/46/EC. One important criteria is consent. However, despite consent being regarded as a promising tool, the reliance upon consent as a basis of justification for the processing of data through private parties has not been successful in providing the intended self-control of the users.  [10] The EU’s comprehensive approach on data protection strives – amongst other things – to increase the individual’s control by clarifying, and possibly strengthening, its rights.  [11] One of these reinforced rights is currently known under its original terminology, the “right to be forgotten”.Thereby, the EU attempts to strengthen the individual’s self-determination  [12] with regard to the processing of his personal data.

II The Right of Oblivion vs. the Right to Erasure

In both the literature and political discussions, there is a lack of uniformity when it comes to defining the overall concept of “deletion” of personal data. While some use the terms “the right of oblivion”, “the right to forget”, “the right to be forgotten” or the “right to erasure” as synonyms, or at least sometimes interchangeably,  [13] others differentiate among the underlying concepts based on their legal rationale and scope.  [14]


In particular, a distinction between the right of oblivion and the right of erasure can add value to the maze of terminologies:


First of all, the right of oblivion – or le droit a l’oubli resp. ildirittoal’oblio according to its French and Italian root  [15] – has historically been applied in severe cases of (potential) defamation and breach of privacy of (mostly) ex-convicts.  [16] The right offers deletion of some public data that are no longer newsworthy, which highlights the importance of the time component, i.e. the period elapsed between the creation of the public data and the request for oblivion.  [17] The rationale behind the concept of oblivion is found in the fundamental respect for privacy.  [18] It aims to prevent potential harm to “dignity, personality, reputation, and identity” of an individual.  [19]


Secondly, the right of erasure provides the data subject with a right to demand the removal of personal data that is being processed by third parties.  [20] This right is rooted in the idea that the data subjects should be able to infer in the data processing (e.g. when the processing is illegitimate) and that the data subject’s consent to the processing of his personal data should be revocable.  [21] Put in a broader context, the goal is to re-balance power between data subjects and data processors. The data subject herewith becomes a right holder over its personal data.


Thus, the aim of each right is different: While the right of oblivion, as a right derived from the fundamental respect for privacy and personality, is based on a lengthy tradition of balancing contradicting interests, the right of erasure can be seen as a way of enforcing a substantial claim, i.e. the claim that a certain way of processing personal data is a violation of data protection principles.


So while the scope of the right to oblivion is limited to outdated data, the right to erasure potentially applies to any data whose processing violates data protection laws. As it is shown in C.1.3, these two concepts can overlap.

III The Right to Be Forgotten

1. Scope and Boundaries

Since the announcement of an EU-wide right to be forgotten by the EC, discussions have circled around the rationale and scope of such a right. In 2012, the EC stated that all data must be deleted whenever the data subjects no longer want “their data to be processed and there are no legitimate grounds for retaining it”.  [22] In a speech given in early 2013, Vice-President of the EC Redingclarified that “the right to be forgotten cannot be absolute just as the right to privacy is not absolute. There are other fundamental rights with which the right to be forgotten needs to be balanced – such as freedom of expression and freedom of the press.”  [23]


As the legislative background of the right to be forgotten (even if now re-labelled as a “traditional” right of erasure, cf. B.III.2) implies, its creation resulted from the increased concern regarding how especially the younger generation makes use of social networking platforms. These concerns have not only been raised in Europe but have also found advocates in California, where a so-called “Erasure Bill” is been debated for teens and children using social networking sites.  [24]


Defining the scope and boundaries of the right to be forgotten has proven to be a difficult task not only at a political level but also among legal scholars. According to Koops,Reding’s speech indicates that the right to be forgotten is already part of the current data protection law in Europe, but it still needs to be reinforced. This argument is based on the Vice-President’s statement that the right to be forgotten shall “strengthen” the rights of individuals. Therefore, the right to be forgotten is seen as a mere support of the right to erasure, which is already established in the current Directive 95/46/EC.  [25] However, according to Koops, two main dimensions, encompassing perspectives on the right to be forgotten in the literature, must be distinguished: these comprise, first, Mayer-Schönberger’s pioneering vision of expiration dates for personal data, or a right to have data deleted in due time and, second, the dimension of oblivion, granting individuals a “fresh start” when news seem no longer newsworthy, and enabling the individuals self-development and freedom to speak, write and act.  [26]


Another approach to distinguish the right to be forgotten has been taken by Weber, who outlines the difference between the active – right to forget – and passive – right to be forgotten – verb tense. Weber states that the difference lies in the time component: while the right to forget requires a past event that has occurred a long time ago, the right to be forgotten allows any data subject to claim the deletion of their data regardless of the length of time elapsed.  [27]


Less focused on the wording and grammatical distinction itself, Rouvorydifferentiates between the perspectives of the parties involved in the act of forgetting. While the right to be forgotten is directed at third parties and their duty to forget, the right to forget is needed for the individual itself, to be able to forget his own past.  [28]


Conceptually, we agree with Ausloos’s and Ambrose’s claim that the right of oblivion and the right to erasure are “two interpretations of the right to be forgotten”.  [29] The authors maintain that the right to be forgotten can be interpreted as a combination of both concepts.  [30]

2. Evolution of Art. 17 General Data Protection Regulation

By reinforcing the idea that “individuals should have control of their personal data”, Art. 17 of the proposed General Data Protection Regulation  [31] (Regulation) can be seen as a step towards a more user-control-based approach in data protection and an attempt to reinforce the principle of informational self-determination in the digital age. Art. 17 (1) of the Regulation states that the “data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, especially in relation to personal data which are made available by the data subject while he or she was a child” when the grounds listed in littera (a) to (d) apply. However, the subordinate clause “especially in relation to personal data which are made available by the data subject while he or she was a child” was deleted by the Rapporteur, Albrecht, in his Draft Report, 2012/0011(COD), 17.12.2012 as he feared that such a sub-clause would imply limitations on the applicability of the right to be forgotten with respect to adults.


On the basis of a compromised text by the Irish Presidency, on May 31 and June 21, 2013, the Council of the European Union published an amended version of its initial proposal.  [32] The long-awaited vote of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee) was held on October 21, 2013. These compromised amendments of the Draft Regulation were almost unanimously approved by the Parliament on March 14, 2014. The Council of the EU will negotiate the final text with the Parliament and the EC (trilog) and await the final approval by the Parliament once a text is agreed upon.


The Regulation subsumes under theterm right to be forgotten the data subject’s right – on a number of grounds – to delete personal data. One of those grounds is the “withdrawal of consent by which the data controller holds the data”.  [33] This right is currently enacted in Art. 17 (1b) of the Regulation. Even though already today Art. 14 Directive 95/46/EC obliges Member States to provide the data subject with a right to object to the procession of data, this does not embrace scenarios in which consent is withdrawn in retrospect.  [34] Since the Directive 95/46/EC mainly sets the minimal standard for data protection in the EU, the national legislations of Member States can differ in this respect. In other words, the withdrawal of consent as a ground for erasure can be established by national data protection acts.


If erasure on the grounds of Art. 17 (1) of the Regulation is demanded, the data controller has to carry out the erasure without delay.  [35] An exception is granted (inter alia) to the data controller in cases where retention is necessary for exercising the right of freedom of expression, reasons of public interests or for compliance with a legal obligation to retain the personal data by EU provisions or national law of a Member State to which the controller is subject.  [36] Furthermore, Art. 17 (1) (b) explicitly states, that “other legal grounds for the processing” can restrict the data subject’s right to erasure. Of special interest is also Art. 17 (1) (c), which, in combination with Art. 19, strengthens the individual’s rights by allowing the data subject to object at any time to the processing of personal data, unless the controller is able to demonstrate a compelling legitimate ground for such processing.  [37]


The pressing question with respect to the right to be forgotten is to what extent the intensive lobbying has altered the original scope and outreach of Art. 17 of the Regulation. One striking alteration is that the term “right to be forgotten” has been erased and replaced by the previously already used terminology “right of erasure”.  [38] Yet, except for the change of terminology, Art. 17 remains mostly true to its draft versions of 2013. Especially the core provisions that strengthen the position of users remained unchanged. The same holds true for Art. 17 (1b), which allows individuals to withdraw consent to the data processing at any time. However, Art. 17 (2), concerning the data controller’s responsibility to take reasonable steps to inform third parties to follow the demand of erasure when data has been made public without proper justification has been slightly defused. [39] The major amendment concerns the deletion of the last sentence of the original paragraph, which stated that data controllers are responsible for publications by third parties when they authorized the third party to do so. Furthermore, the altered provision does not request data controllers to take all reasonable steps to inform the third party about the erasure request but only reasonable steps. Howthose amendments will affect the data controllers’ responsibilities,especially in light of the mostly unchanged Recital 54, is unclear.


C. Implementing Erasure and Oblivion – A Comparative Analysis

I European Union

1. Relevant Legal Provisions

At the European level, privacy is an essential human right and is protected in Art. 8 (1) of the European Convention of Human Rights (ECHR)  [40] and the more recent Art. 7 of the Charter of Fundamental Rights of the European Union (CFREU). Both articles provide a right to respect of one’s private life, home and communication. Art. 8 ECHR regulates the relationship between individuals and public authorities and does not establish a direct obligation for private parties.  [41] The recent ECJ ruling (cf. C.I.2.) gave some clarity with regards to the impact of those rights on oblivion, erasure and forgetting in the digital age.


Those fundamental rights safeguarding privacy must be weighed against the fundamental rights to freedom of expression and information,  [42] as they are provided for inter alia in Art. 10 and Art. 11 ECHR.


Next to the protection of personal life in Art. 7 CFREU, the CFREU also explicitly protects personal data in Art. 8 (1). Already Art. 16 (1) Treaty on the Functioning of the European Union (TFEU) states that everybody has a right to protection of his personal data. With regard to the processing of personal data, the principles and conditions under which erasure can be demanded are defined in the Directive 95/46/EC. Especially relevant in this regard are Art. 12 (b) and Art. 14. The former article states that every data subject has the right to obtain from the controller – if appropriate – the erasure of processed data, which does not comply with the provisions established in the Directive, in particular if the data is incomplete or inaccurate.


A data subject’s right to erasure will depend on (1) whether the processing of the personal data was legitimate, i.e. in accordance with the requirements set forth in Art. 7 and 8; (2) whether the principles with respect to data quality of Art. 6 were adhered to; and (3) the availability of other corrective measures that would make the processing legitimate.  [43] If these requirements are fulfilled, the data subject can have its personal data erased. Erasure in this sense equals every measure that results in making the personal data unavailable to the data controller.  [44] Information can be erased by physically destroying the medium that carries the personal data, by overwriting the “to-be-erased” data with other information, or by removing the link between the information and the person and therewith altering the character of the data from personal to non-personal.  [45]


Further, the provisions of Directive 2002/58/EC  [46] and Directive 2000/31/EC  [47] apply as lexspecialis with respect to the electronic processing of data. Art. 6 of the Directive 2002/58/EC states that “data (…) must be erased or made anonymous when it is no longer needed for the purpose of the transmission of a communication”.  [48] The Directive 2000/31/EC seeks to implement a differentiated system of intermediate service provider’s liability for illicit content in its Arts. 12-15. While not accounting for erasure or oblivion rights, as will be shown, the latter provisions do play an important role with regard to online privacy protection.

2. ECJ C-131/12, Google Spain vs. Spanish Data Protection Agency

On May 13, 2014, theECJ brought some clarity regarding the practical impact of some of the aforementioned provisions. The Spanish DPA had ordered Google to de-index parts of a newspaper’s archive concerning a data subject’s attachment proceedings back in the 1990s. During appeal proceedings, the High Court of Spain (“Audiencia Nacional”) demanded that the ECJ determine whether Google can be deemed a data controller regarding the contested archives, whether Art. 12 (b) and 14 Directive 95/46/EC oblige Google to de-index third-party-generated web pages and if these provisions provide for a “right to be forgotten”.  [49]


As to whether search engines are to remove certain results that were provided when typing the data subject’s name according to Art. 12 and 14 Directive 95/46/ECthe question was affirmed. Interestingly, the court emphasized that whenever a search is performed by typing a person’s name, the engine establishes “a more or less detailed profile” of such a person, and the interference of this occurrence is catalysed by the role search engines play in today’s society. In Recital 81 and 97, the ECJ then established the general rule that, due to the potential seriousness of such an offence, the data subject’s right to privacy as provided for in Art. 7 and 8 CFREU overrides the interest of Internet users in having access to information as well as the economic interest of the search engine. The impact of this obiter dictum will have to be subject to further research.


With regards to the merits of the case, the court acknowledged the duty of Google to erase such links when demanded to do so by a Data Protection Authority (DPA). It argued that even if the content on the corresponding web page, to which the Google search results linked, was lawful, Google could still be forced to de-index specific results relating to a subject’s name. In particular, the court reasoned that the appearance of the contested data did violate the data relevancy principle as well as the principle of limited retention (Art. 6 (1) c and e Directive 95/45/EC) and therefore was unlawful in the meaning of Art. 12 (b) Directive 95/46/EC. Furthermore, since Google only could justify further processing by invoking Art. 7 (f) Directive 95/46/EC – since the data subject never consented to Google processing his personal data – the court reminded Google that a data subject has a right to object to such processing of personal data pursuant to Art. 14 Directive 95/46/EC.

II France

1. Oblivion and the Various Provisions Protecting Privacy

The French constitution does not provide for a fundamental right to privacy or personality but rather makes a reference to the Declaration of Human and Civic Rights of August 1789 (1789 Declaration) in its preamble. Nevertheless, Art. 9 of the French Civil Code (CC), which guarantees everybody a general right to privacy, can be seen as the codification of the protective standards courts have drawn in the past from Art. 12 of the 1789 Declaration.  [50] Even if some legal scholars deem Art. 29 of the Act on the Freedom of the Press  [51] as the establishment of the right to privacy, the latter is merely a libel action that prohibits defamation.  [52] Additionally, the scope of Art. 1382 et seq. CC (the basic provision of French tort law) has traditionally been very broad, which has led to quite an effective protection of personality rights in France.  [53] The right of oblivion – having personal data deleted when it is no longer newsworthy –is seen as a particular right of personality.  [54] However, up to today the right is not explicitly provided by statute but rather is derived from “judicial reasoning” when applying the aforementioned provisions.  [55]


The effectiveness of the French legislation is also reflected in the country’s extensive case law. In different instances the French jurisdiction has elaborated on the conditions under which an individual can claim his right of oblivion. The High Court of Paris (“Courd’appel”) initiated the discussion, in 1967 in the case DelleSegret v. Soc Rome Film.  [56] In its decision, Mme. S’s demand for damages against a movie company that had produced a docu-fiction movie on the serial killer Henri Landru, to whom she had been a mistress, was rejected, based on the argument that she had previously made the story public in her published memories.


In1981 the High Court of Paris ruled that the disclosure of personal information relating to an individual who had been involved in a tragedy fifteen years back could not be justified because there was no necessity to disclose such information. The court thereby acknowledged a right to oblivion.  [57] In 1983 in the well-known Papon decision,  [58] the Regional Court of Paris (“Tribunal de grande instance”) defined the boundaries of the right of oblivionthathad been acknowledged two years earlier. In Papon the court stated that it is neither the duty nor the competence of French judges to decide how a special episode of history should be remembered or characterized in history. The court argued that a historian could only be liable if he was disclosing inaccurate or twisted facts, or when the disclosure of the facts was not justified by any historical interest when the person concerned was still alive.  [59]


Nevertheless, it seemed to have become the accepted opinio juris amongst French Regional and High Courts that “a public event, after the passing of a sufficiently long time, can become, for the person who was its protagonist, a fact of private life again, which may remain secret or forgotten”.  [60] However, and somewhat surprisingly, when a woman requested the suppression of publications on her activities during the occupation of 1940-45, the Supreme Court’s first civil chamber (“Cour de Cassation”) dismissed the notion that a right of oblivion may be invoked when the information had been lawfully disclosed in the local press and therefore no longer belonged to the private sphere.  [61]

2. Defamatory Autocomplete Suggestions

The judicial reasoning in France shows the delicate balance between the personality rights of an individual,the freedom of the press and the freedom of information depending on the specifics of the case. Today, in particular search engines – or Googleasthe dominant search engine in Europe – also face accusations of infringement of personality rights. In 2010, the Regional Court of Paris had to decide whether the plaintiff could, based on Art. 29 Freedom of the Press Act, demand erasure of the autocomplete suggestions “rapist”, “sentenced”, and “satanist” when inserting his name in the search box.  [62] The court qualified the autocomplete suggestionsas allegations or imputations that undermine the honour or reputation of the plaintiff. The court argued that since the algorithms are based on human thought, Google must prove why the search results they provide should not be viewed as a statement from the company. Since Google failed to do so, they were ordered to delete these autocomplete suggestions.


Another decision of the High Court of Paris dealt with autocomplete suggestions and preliminary measures. The court found that the search suggestion “fraud” next to a company’s name was capable of libelling, especially because the average Internet user follows the suggestions. It concluded that the suggestion could be interpreted as Google’s opinion, in particular because it was presented as helpful input and it was not obvious that it was generated automatically.Therefore,requiringGoogle to take all necessary measures to eliminate those privacy-infringing results did not violate the company’s freedom of expression.  [63] In a later decision, the same court concluded again that it is appropriate to require Google to delete suggestions that were “obvious infringements of privacy”. The respondents’ objection that the suggestion was delivered by an algorithm was dismissed because the court ascertained that Google is able to filter racist or pornographic suggestions and therefore it should be feasible to do the same for defamatory suggestions.  [64]

3. Data Protection Law and Erasure

France was among the first countries that enacted a law on data protection.  [65] The “Loi n°78/17 du 6 janvier 1978, relative à l’informatique, aux fichiers et aux libertés” (Act 78/17), which had considerable influence on the drafting of the Directive 95/46/EC,  [66] was amended in 2004 according to EU standards.  [67] The two most relevant provisions with respect to erasure are Arts.38 and 40. While the former establishes a right to object to the personal data processing for legitimate reasons, the latter guarantees every individual, for any incomplete data, expired data or data for which processing is unlawful, a right to have it rectified, completed or deleted. Art. 40 Act 78/17 is seen as a procedural right which entitles the individual to have its data deleted whenever its right to privacy is infringed. It is interesting to note that most of the reviewed case law regarding the erasure of personal data has not been based on Art. 40 Act 78/17.  [68] Nevertheless, in the 2011 Mme. C. v. Google decision, the Regional Court of Montpellier elaborated that Google had an obligation under Art. 38 Act 78/17 to allow subsequent withdrawal of personal data by de-indexing webpages.  [69] With respect to de-indexation, the recent ruling by the Regional Court of Paris  [70] elaborates on the hosting provider’s liability with respect to erasure. The decision was based on Art. 6 Law for Confidence in the Digital Economy (LCEN),  [71] which establishes the notice and take down obligation on hosting providers, as laid out in the Directive 2000/31/EC (cf. C.I.1).  [72] Under this provision, the hosting provider will be held liable whenever the demanding party demonstrates the hosting provider’s actual knowledge of the contested content and his wrongdoing. Such a wrongdoing is seen in the continued distribution of the unlawful content or in not having reacted to the request immediately.  [73] Therefore, the Court of Paris held that Google had participated in the realization of the moral damage the plaintiff had suffered from having her name linked to pornographic webpages. Even though it is based on different legal norms, the case hassimilarities to the previously mentioned Mme. C. v. Google decision of the regional Court of Montpellier in 2011. In both cases, former porn actresses were demanding the de-indexation of webpages relating to their past activities.


The Regional Court of Paris dealt with explicit content once again when it ordered Google to block images depictingMax Mosley during a privately held Nazi-themed sex act. The British High Court of Justice as well as the Regional Court of Paris had recognized the unlawfulness of distributing such pictures and subsequently approved Mr. Mosley’s demand for erasure.  [74] Google also complied with the erasure notice and deleted several photographs from its image service. Nonetheless, the pictures reappeared, which led Mr. Mosley to demand that Google de-index the defamatory photographs from its search results. Based on Art. 6 LCEN, Mr. Mosley demanded that Google be ordered to remove and prohibit the future publication of those explicit photographs. When applying Art. 6 LCEN, such measures must be proportionate and limited in time. The illegality of the pictures confirmed by two European courts, and the fact that Google filters images automatically when uploading them to its services, led the court to affirm the proportionate nature of the request.  [75]

III Germany

1. Oblivion in the System of Constitutional, Civil and Criminal Privacy Protection

In Germany the Constitutional Court (“Bundesverfassungsgericht”) has interpreted the “right to personality” in Art. 2 (1) of the German Basic Law (GG) of 1949, which guarantees to everyone a “right to free development of his personality”. The introduction of Art. 1 (1) and Art. 2 (1) GG was crucial for the evolvement of personality protection.  [76] In the light of the latter two provisions, German courts interpreted § 823 (1) of the German Civil Code (BGB) – whose scope is not as wide as Art. 1382 CC in France  [77] – in a way that protects the individual’s right of integrity of his physical body and belongings as well as his right to privacy.  [78] However, many specific statutory provisions in private and criminal law further protect personal information –some of which were enacted long before the GG.  [79]


The German case law dealing with the right to personality – and in particular the right of oblivion – is extensive.  [80] Important leading cases  [81] in this respect are the Lebach I and Lebach II decisions. In the German Constitutional Court’s Lebach Idecision, the airing of the ZDF produced docu-drama on a criminal gang who had killed five soldiers in 1969 was prohibited because it showed C’s name and picture (C had been an actual member of the gang and at the time was still in prison). It was reasoned that the airing would have affected his privacy as well as public interest, in regard to putting his rehabilitation in danger.  [82] While the Lebach I verdict was rendered in 1973, the Lebach IIcase dates to 1999. Another TV station wanted to air a TV documentation on the gang’s deeds. This time, however, the gang members were neither named nor were pictures of them shown during the documentary.The German Constitutional Court therefore argued that the right to personality does not entitle criminals with a claim of not being confronted with their deeds in public ever again. Such an interpretation of the Lebach I decision was deemed to be misleading.  [83]


The Hooligan decision of the High Court of Berlin (“Kammergericht”) in 2001  [84] was an interesting one with respect to the digital storage of information. The decision concerned a news article reporting on the tragic incident at the FIFA World Cup 1998 when a hooligan almost killed a policeman by kicking him in the head. The article reported the story (including a picture of the hooligan), rendered a psychological analysis of the hooligan’s character and stated that he was an international drug lord (which turned out to be wrong). The hooligan demanded deletion of the article from the newspaper’s online archive by invoking the tort of privacy infringements in connection with the libel action and his right to personality. The court acknowledged that after a certain amount of time, the criminal’s interest in anonymity could outweigh the public interest in the information. Yet the court got around balancing the right to privacy with the right to information by clarifying that an online archive is a “pull service”, which is not to be confused with a publication. The archive therefore enjoys a right to store any article based on the freedom of speech (Art. 5 (1) GG).  [85]


In 2006 theHigh Court of Frankfurt (“Oberlandesgericht”) also dealt with issues resulting from online newspaper archives and balanced the right of oblivion in light of the benefits of rehabilitation. The court acknowledged a general right of oblivion, but denied it in the particular case due to the plaintiff’s lifetime imprisonment and thus a lack of interest in rehabilitation. The court stated that freedom of speech requires an unrestricted access to information and doubted whether an archive should be ordered to “change history”.  [86] One year later, the High Court of Hamburg did not seem to have such reservations. In its decision, it argued that based on § 823 (1) BGB in connection with Art. 1 (1) and Art. 2 (1) GG, the interest in rehabilitation did outweigh the interest of the archive in being complete. It therefore had to delete the plaintiff’s name from its publications. Furthermore, concerning the potential harm articles on convicted persons can have on their rehabilitation, the court found that monitoring its archives in order to prevent infringements of the right of oblivion seems to be a reasonable obligation for an online archive.  [87]


The so-called Sedlmayr case has gained much attention. Two brothers had killed the famous actor Walter Seldmayr in 1990. Thoughthey had been sentenced to lifetime imprisonment in 1993, one brother was released on probation in 2008. He filed several claims against media webpages, inter alia one against a German radio. The latter had stored an online report dating from 2000in its web archive, in which the 10-year anniversary of the killing was remembered. While the High Court found this case comparable to the Lebach I case, the Supreme Court (“Bundesgerichtshof”) came to a different interpretation of § 823 BGB, Art. 1 (1), Art. 2 (1) GG and Art. 8 ECHR when it weighed them against statutes protecting the freedom of speech and information (Art. 5 GG andArt. 10 ECHR). Even though data protection law was invoked,it was considered not applicable due to reservations resulting from international public law. The Supreme Court stated that whencurrent events are reported,the public interest in the information generally outweighs other individual interests, but that such reports could become unjustified during time. The court subsequently weighed different factors against each other, such as the time elapsed between the event and the report, the correctness of the report and its impact. Since thecontested report was found to be based on true facts and not stigmatizing as well as – unlike Lebach I – not of broad public impact, the Supreme Court decided in favour of the plaintiff.Further it was reasoned that an imperative of deleting identifying reports on criminal conduct would eventually lead to deleting history and the media would not be able to fulfil its purpose of informing the public – as they are ordered by the GG.  [88] Note that the court had similar reservations with regard to “erasing” history as they could be seen in the Regional Court of Paris’ Papon decision (cf. C.II.1). It also must be mentioned that there were several Sedlmayrdecisions, and all media companies defeated the claimant.  [89]


In sum, German jurisdiction has been reluctant to grant the right of oblivion on grounds of infringement of the individual’s right to personality. German courts have balanced (in different instances) the interest in having “historical news” deleted versus the freedom of the press. Especially in light of the potential endangerment of the rehabilitation into society, an interest in oblivion has been acknowledged. As illustrated by the cases presented, the right of oblivion is only granted when the benefits of rehabilitation outweigh the censorship of the press.


Furthermore, one should mention the Kannibale von Rothenburg ruling by the German Supreme Court in 2009, in which a known cannibal was unsuccessful in trying to stop the airing of a horror movie that was an adaption of his disturbing deeds. His case was dismissed because he himself had exposed details of his crime and person to the public and therefore failed to prove that his rehabilitation was endangered by the movie.  [90] Similar to the above-mentioned 1967 Paris Appellate Court’sDelleSegret v. Soc. Rome Paris Film decision,  [91] the conclusion may be drawn that a right of oblivion can also be waived if the subject itself reminds the public of its deeds.

2. Data Protection Law and Erasure

The fundamental legal ground for privacy protection when personal data is being processed lies in the German Federal Data Protection Act (BDSG). This law incorporates the principles of data processing laid out in the Directive 95/46/EC.  [92]


§ 35 BDSG lays out the foundation of the right of erasure of personal data when this data is being processed by non-state entities. In particular, § 35, (2) BDSG distinguishes four general situations in which personal data may be erased; these arise whenever (1) the data is unlawfully recorded, (2) the data is sensitive, (3) the purpose of the collection of the data is fulfilled or (4) further retention is unnecessary. Moreover, personal data may not be collected, processed or used if the data subject lodges an objection with the controller and an examination indicates that legitimate interests of the data subject due to its particular situation outweigh the interest of the data controller in such collection, processing or use.  [93]


One case that dealt with § 35 BDSG was decided atthe dawn of the new millennium by the High Court of Hamm. The defendant, a business information agency, had stored information on the plaintiff’s number of employees, business routine, mode of payment, assets and liabilities. Most data was compiled from public sources, except the assets and liabilities which had been estimated. The plaintiff filed a lawsuit against the business information agency in which it demanded erasure. The court acknowledged that § 35 BDSG guarantees a right to erasure, except when consent was given to the processing (and that this was not the case was uncontested) or the law allows the processing. § 29 BDSG allows commercial collection from public sources as long as there are no legitimate overruling interests of the data subject. Because the information was not sensitive and there was, to a certain degree, a public interest in such data, its collection was legal. Accordingly, the request for erasure was rejected. Nevertheless, the agency had to rectify that the data on assets and liabilities were only estimated.  [94]


With regards to the admissibility of online rating platforms the Supreme Court’s 2009 ruling was expected to be a landmark decision. The issue concerned a rating platform which allowed pupils to anonymously rate their teachers with regards to several criteria by using pre-fixed attributessuch as “competent” and “well prepared”. Theseratings were combinedto an overall grade. One teacher (she had received a 4.3, which is equivalent to a barely acceptable performance) sued the platform for forbearance. The court found that the respondent’s processing of data could be justified by Art. 29 BDSG (collection from public sources for commercial reasons) as far as there are no legitimate overruling interests of the data subject. In order to assess this question, the court weighed the “right to informational self-determination as provided for in Art. 1 (1) and Art. 2 (1) GG” against the freedom of speech and information as provided for in Art. 5 (1) GG. The court qualified the data in question as belonging to the professional social sphere, meaning that they were neither private nor even intimate. On the other hand, it found the platform to be designed in a manner that prevented libelling statements (e.g. besides the possibility to rate a teacher with pre-fixed attributes, there was no possibility to leave comments) and acknowledged pupils and their parents’ legitimate interests in comparing teachers. The claim was therefore dismissed.  [95] Yetthe Supreme Court’s judgment highlights that there is nogeneral rule regarding the admissibility of online rating platforms; rather, each case must be assessed individually.

3. Defamatory Autocomplete Suggestions

It is further interesting to note that in Germany, the “well-known” claims against the autocomplete function of Google were not based on data protection law. In 2011, the High Court of Hamburg had to decide, on the grounds of defamation and general tort law,  [96] whether the claim of a real estate company was legitimate or not. The claimant demanded that Google delete the autocomplete suggestion “fraud”. In addition, he demanded that various pages and snippets, in which the real estate company was accused of betraying its customers, be de-indexed from the search results. According to the claimant, the snippets were an expression of Google’s opinion and therefore were capable of being a violation of personal rights. Yet the High Court of Hamburg found that an algorithm – without human intervention – had produced the search results and that these were not the opinion of Google as the search engine would only provide results that are already available on the Internet. Additionally, the court held that Google had no duty to examine and filter the source of search results beforehand, and that its participation in the alleged violation of privacy rights was neither voluntary nor of appropriate causality. The High Court of Hamburg thereby rejected the claim for forbearance.  [97]


Similar reasoning led to denying a right to erasure by the High Court of Munich. The claimant, an address register provider, demanded the deletion of Google’s search results which accused him of fraud. Furthermore, he demanded the deletion of the search suggestions “fraud” and “rip-off” associated with his name. The court argued that Google provides results – in the form of snippets and search suggestions – which are automatically generated. Thereby, Google does not make a statement of its own but rather re-organizes pre-existing content. As this was considered an obvious fact to the average user, Google could not be considered an offender, accomplice or assistant to any privacy-infringing action. Furthermore, the court reasoned that a notice and take down obligation would require a so-called “duty to secure fair competition”. Such an obligation would only arise when being notified of an obvious privacy infringement. Privacy infringements, however, were deemed to be far from obvious because they involve a complex balancing of interests and therefore a notice and take down obligation was denied.  [98]


These decisions showed that German courts highly valued the right to information and therefore were reluctant to impose any liability on a search engine for its results or autocomplete suggestions.  [99] Surprisingly, the German Supreme Court overthrew this approach in its Scientology decision in 2013. In this case, the plaintiffs, an online drugstore and its founder and chairman R.S., sued Google for the search suggestions “Scientology” and “fraud” and demanded forbearance. By invoking the above-mentioned arguments, the High Court of Cologne dismissed the claim.  [100] However, the Supreme Court reasoned that “Scientology” and “fraud” are both words with negative associations and since the average user expects that these suggestions are helpful inputs, they are capable of invading privacy rights. In the present case, such a privacy infringement was acknowledged, in particular because the suggestions created untrue associations. The court concluded that even if generated by an algorithm, the search engine is accountable for its suggestions. In particular, the notion that search engines could be considered as mere hostingproviders was dismissed. However, in the court’s view, search engines should not be obliged to check all suggestions in advance, but should take measures to prevent their suggestions from infringing privacy rights. The significance of this is that if someone notifies the search engine that the suggestions are infringing upon his or her privacy rights, this notification creates an obligation to check whetherthis is the case and eventually delete the contested suggestion.  [101] Therefore, as in France, search engines face accountability for autocomplete suggestions generated by algorithms and qualify as content providers in this respect. Nevertheless – as opposed to France, where obvious privacy infringements must be taken down in advance – the German Supreme Court merely established a notice and take down obligation for a content provider based on the general privacy tort action.

IV Italy

1. Privacy and Data Protection Provisions

According to Art. 2 of the Italian Constitution, “the Republic recognizes and guarantees the inviolable rights of a person, as individual and in the community where he expresses its personality (…)”. In combination with Art. 15, which protects the secrecy of correspondence, those constitutional norms lay out the foundation for protecting an individual’s privacy.  [102] Yet in civil law there is no statutory provision protecting a general right to personality or privacy; rather, only certain aspects of personality (such as name and physical integrity) enjoy protection.  [103]


On a base level, the protection of personal data is seen as a subjective right that strengthens the individual’s right to defence against actions that adversely affect his right of privacy. [104] The Italian Data Protection Act  [105] (Legislative Decree 2003/196) incorporates in Art. 7 (3) the right of the data subject to demand erasure or anonymization of personal data if the processing is illegitimate or if the maintenance of the data is no longer necessary in relation to the purpose for which they were specifically collected. Furthermore, the data subject has the right to update, rectify or complete the data with additional data.  [106] These tools allow the rectification of the data after its collection and mutation.  [107] Art. 11 (1e) states that identifiable personal data shall not be processed over a certain amount of time necessary for the purposes for which they have been collected. According to Italian scholars, once the purposes are attained or no longer of interest, the data subject has the right “ad esseredimenticato”,  [108] i.e. the “right to be forgotten”. Thereby, Italian law prohibits the maintenance of personal data as soon as it fulfils its purpose of collection.  [109]

2. The Right of Oblivion and Online Archives

It should first be mentioned that Italian literature distinguishes between privacy and reservation, yet states that these two concepts are overlapping and intermingled. While privacy is understood as a guaranteed freedom to determine for oneself how to shape one’s private life, reservation protects the integrity of the individual’s private sphere.  [110] Those rights were further developed by courts and include, among others, the right of reputation, the right to rectification, the right to be let alone and the right of image and name.  [111] In their core, these rights protect the personality and identity of the individual.  [112] Since the personality of an individual consists of different aspects varying over time, the right of oblivion balances the conflict between an accurate story (at the time it occurred) and an actual person’s identity at the time being. In this regard, the right of oblivion guarantees a right to reservation.  [113] Therefore, Italian jurisprudence and legal scholars define the right of oblivion as the individual’s right to prevent the publishing of old news concerning him or her, even if the reported events had once been newsworthy and legitimately published.  [114] Special focus lies on the role of time and the balance between public and individual interests.  [115]


In 1984 the Italian Court of Cassation (“Corte di Cassazione”) established three criteria determining the boundaries of the freedom of the press. The dispute before the court involved different reports published in a monthly newspaper concerning the common funds of two real estate companies. The plaintiffs claimed that these reports published in 1972/1973 were denigrating and demanded, based on Art. 2043 of the Italian Civil Code, the subsequent prohibition of the reports and damages for the loss suffered. In its decision, the court debated the limits of the freedom of the press, a right guaranteed in Art. 21 of the Italian Constitution, and regulated in the Press Act.  [116] The court established three criteria limiting the freedom of the press: first, the reported information needs to be of social or public interest; second, the coverage needs to be correct (or at least the result of a serious investigation towards finding the truth); and third, the information must be presented in an objective, civilized manner. The decision balanced arguments such as the social utility of the information, newsworthiness, need for completeness of the information, intrusions in the private sphere of the individual and the potential harm to his image, honour and reputation.  [117]


Later in 2012, the Court of Cassationdealt with the right of oblivion in online newspapers. [118]A politician who had been arrested and charged with corruption in 1993 and subsequently acquitted, requested that a news article regarding his arrest be removed from the archive of the “Corrieredella Sera”, which was still indexed by search engines. Even though the event of his arrest and charges were true, the Court of Cassation acknowledged that the information in the article was incomplete, since the charge had been dropped. Balancing the freedom of the press and the individual’s right to privacy and oblivion, the court ruled that the newspaper had an obligation to equip its archives with “an appropriate system designed to provide information (in the body of the text or in the margin) on whether there exists a follow-up or any development to news items and if so what the content is [...] allowing users swift and easy access to the updated information.”  [119] Therefore, it is necessary to amend information  [120] on the development of the case so that the users are presented with an accurate picture of the events. However, search engines were viewed as mere intermediaries and hence not responsible for the information or obliged to de-link the contested webpages.


Prior to this ruling, the Italian data protection authority issued two decisions in 2005 and 2008 concerning online archives. The first ruling dealt with the online retrieval of a decision issued in 1996 by the Italian Antitrust Authority against a company on account of misleading advertising.  [121] The data protection authority stated that such an online retrieval on external search engines should be restricted. Next to the establishment of a restricted-access section to old decisions on the antitrust authority website, which must not be retrievable by standard search engines, the Italian DPA ordered the Antitrust Authority to define the time period during which the posting of free decisions seemed proportionate. Thus, access must be granted to decisions that are still relevant for fulfilling their purpose; respectively, access to decisions that have already achieved their purpose should be restricted. The Antitrust Authority complied by applying robot-meta tags  [122] to decisions that were more than five years old (sanctions against offenders were statute-barred after this time). In the second decision, DPA v. Google Inc. and RcsQuotidianiS.p.Aof 2008, the data protection authority balanced the individual right of oblivion with the freedom of expression, the freedom to exercise free historical research, the right to education and information as well as with the rules on protection of personal data. The DPA held that there were legitimate grounds for publishing the contested publication – at that time an undisputed depiction of facts of public interest. Nevertheless, the DPA argued that there were no legitimate grounds for personal data in online archives being retrievable through external search engines. In other words, an archive’s web page that exhibits personal data must be de-linked from the external search engine function by the company that acts as the content provider.  [123]

3. Defamatory Autocomplete Suggestions

In 2011 theRegional Court of Milan (“TribunaleOrdinario di Milano”)dealt with a matter concerning autocomplete suggestions by Google. The plaintiff demanded that the suggested search result “fraud” or “crook” next to his name be erased. The court ruled in the plaintiff’s favour: auser seeing such a suggested search result would be suspicious and assume illicit activities by the plaintiff; the user would therewith be more likely to stop his further search enquiry. Therefore, the court stated that such an autocomplete suggestion infringes the honour and reputation of the person it relates to. Simultaneously, the court specified that the search suggestions are based on a “neutral” algorithm that does not differentiate between good and bad. The association between the applicant's name and the words “scam” and “crook” was considered the work of the software specially developed and adopted by the claimant to optimize access to its database. While Google itself was considered a hosting provider under Directive 2000/31/EC (and its implementation into Italian law in Legislative Decree 70/2003), Google’s “autocomplete function” was deemed to fulfil characteristic functions of a content provider, namely by choosing which information to provide to its users. The court found that Google was liable for autocomplete defamatory suggestionsthataverage individual users are unable to distinguish from truthful facts.  [124]


Two years later, the same Regional Court of Milan decided a case in which it excluded Google from liability for defamation with respect to the autocomplete suggestions.  [125] The court reasoned that notwithstanding the qualification of Google as a caching, hosting or content provider, the company would still be responsible under Art. 15 and 16 Legislative Decree No. 70/2003 to remove defamatory content from its autocomplete function on an urgent basis. The court concluded, however, that even though Google had thus no general obligation to monitor the information and in casu autocomplete keywords, it did have a duty to remove illicit content if required to do so by a competent judicial authority.  [126]

D. Putting Oblivion, Erasure and Forgetting into Context: Insights Drawn from the Comparative Case Law Analysis

Since 1995 the European Member States have set a Union-wide standard for data protection. Nevertheless, the different legal backgrounds have led to a diverse implementation of data protection principles into national legislation. Therefore, to understand the ratio legis of the right of oblivion and the right to erasure and the evolution of the concept of forgetting on a Union and national level, it is essential to discuss the legal provisions and case law dealing with these concepts.


The insights can be summarized in the following main points:


The right of erasure as provided for by data protection law has rarely been the only legal ground in courts.

The right of erasure as established in data protection law has served only in few instances as the only legal ground of a court decision. Instead, other civil or criminal law provisions have been called upon when an individual’s personality right is infringed. Therefore, when it comes to discussing the potential benefits of introducing a right to be forgotten in data protection law, legislators should be aware of existing laws and case law with respect to privacy protection. The current debate has failed to thoroughly analyse and benefit from existing judicial reasoning on the right of oblivionthatprovides for a differentiated balancing of interests. However, the recent ECJ ruling could foster the importance of data protection law, since the court based its ruling on the latter.


Oblivion may be achieved by other means than erasure.

National legal systems in Europe have taken different approaches when it comes to balancing conflicting interests and – once a violation of privacy has been assessed – rely upon different measures to end such a violation. In Germany, the national case law dealing with the traditional concept of oblivion often focuses on the question of whether or not rehabilitation of the individual will be affected. The extensive case law on this subject helps to define which criteria affect the balance between the public’s interest of knowledge with the individual’s interest of privacy. If the individual right outweighs other interests, German courts will order the violator to erase the illicit content. Thereby, German courts need to balance between erasing historical facts and the individual interest in having these facts forgotten. Interestingly, the Italian jurisprudence highlights that the rectification of personal data or restricting its retrievability, in comparison to its total erasure, is less radical and interferes less with the freedom of information or expression. In light of the recent ECJ ruling, future research should also focus on measures such as rectification or restricting online retrievability (e.g. ordering the application of robot-meta tags or de-indexing).


The easy access and quick retrieval of personal data via search engines is the main concern of individuals regarding their online privacy.

The reviewed case law shows that increased accessibility has catalysed online privacy concerns.In particular, Google’s autocomplete software has been at the heart of various lawsuits. The question of whether or not the autocomplete function requalifies a search engine as a content provider has been discussed indepth, in particular in Italy. While the court decisions show that there havelong been insecurities on how to approach the ruling against autocomplete suggestions, the establishment of a notice and take down obligation is deemed to be proportionate by German and Italian courts.


The recent ECJ ruling also shows thatthe role of information intermediaries should not be underestimated. An individual may object to the further processing of data by a search engine. However, the search engine has some discretion when it balances the conflicting interest and is only forced to de-index search results when ordered to do so by a competent authority. It should be examined in further detail if this means that search engines are subject to a de facto notice and take down obligation with respect to personal data.  [127]


Sometimes the right to oblivion can be waived.

Courts in Germany and France have acknowledged the possibility of waiving the right of personality: in both the 1967 Paris Appellate CourtDelleSegret v. Soc. Rome Paris Filmdecision as well as the Kannibale von Rothenburg Supreme Court ruling of 2009, a person’s right of oblivion was disregarded because of prior public communication of the disputed facts. It is questionable whether or not EU regulators have given enough thought to the possibility to waive one’s right of oblivion when drafting the concept of the right to be forgotten. It seems more likely that the right to be forgotten would implement a right to have information erased when the consent to its publication is withdrawn.


In this regard, one may ask whether the data subject in the latest ECJ ruling still has a legitimate interest in having certain search results deleted by claiming they have becomeirrelevant. After all, the subject’sentire name as well as the relatedattachment proceedings werenot only mentioned in the ruling but the subjectrecently also gave interviews for newspapers.  [128]


While oblivion and erasure are complementary legal tools, the right of erasure has the potential to neglect the thorough balancing of conflicting interests.

Finally, the legal tools of oblivion and erasure are used in a complementary way. In other words, both concepts fulfil different purposes needed in legislation: while the right of oblivion incorporates a substantial concept for balancing conflicting interests in order to determine when once-newsworthy information should become irrelevant to the broader public, the right of erasure has a more procedural character. The outlined national legislations and court practices in France, Germany and Italy show that on a national level, the right to erasure is understood and applied as one of many corrective measures to end an infringement of privacy. The Italian case law especially highlights this understanding: the discussed requests for erasure were balanced with other rights, and often the demand for erasure was replaced by a less radical enforcement measure, e.g. rectification. In addition, the case law illustrates that erasure willbe granted only after the thoughtful deliberation of substantial conflicting rights.


By understanding the rights provided for in Art. 12 (1) b and Art. 14 (1) Directive 95/46/EC as procedural rights that may be invoked whenever the provisions of the Directive 95/46/EC are violated, the ECJ saw no reasons toelaborate on the rights of freedom of information and expression. This contradicts the examined national case law where these rights are carefully balanced against privacy and personality rights. This may beattributed to the fact that the focus of data protection law lies on the adherence of processing principles rather than on balancing conflicting fundamental rights on a case-by-case basis. Nevertheless, Art. 12 (1) b Directive 95/46/EC gives some discretion with regards to the measures that can end a privacy infringement. Regulators should bear in mind that while erasure might be the easiest way to end a privacy infringement, it may, however, not be the most proportionate one in all cases.

E. Conclusion

EU policy makers are legitimately concerned with users’ online privacy. It is questionable whether or not the right to be forgotten might address users’ fear of being haunted by their digital past. First of all, the terminology has led to controversial reactions amongscholars as well as industry leaders. Second, the fact that the right was re-labelled as the right of erasure reflects policy makers’ ambiguity towards the terminologyused. In fact, we argue that the right to be forgotten is a generic term, bringing together the existing rights of oblivion and erasure. Therefore, it is important to understand the rationale and concepts of those rights as well as their practical implementation.

Policy makers were awaiting the Google Spain v. Spanish Data Protection Agency ECJ ruling in order to gleansome insights on the right to be forgotten. Correctly, the ECJ highlights that in the online context, the retrievabilityof data is a major issue – a finding supported by the fact that search engines are involved in many legal disputes before courts in Germany, France and Italy. Nevertheless, we think that, while the Directive 95/46/EC was interpreted in the light of the fundamental rights to privacy, the fundamental rights of expression and information would have deserved more consideration. Seemingly, it seems problematic to establish general rules on the weighing of interests. Rather, such weighing must be done on a case-by-case basis. Therefore, an in-depth analysis of case law established in the EU member states could provide policy makers with a more nuanced picture of the current implementation of oblivion and erasure – a picture which yields that no right to erasure, oblivion or forgetting can be absolute, but rather that they have to be carefully weighed against the freedom of speech and information. Since the latter is justifiably a cornerstone of any democratic society, policy makers are well advised to pursue this challenge candidly.



[1] * Aurelia Tamò is a PhD candidate at the Research Center for Information Law of the University of St. Gallen. Damian George is a junior associate at Nobel & Hug attorneys at law in Zurich. The authors would like to thank Prof. Dr. Urs Gasser, Executive Director at Berkman Center for Internet & Society, Harvard University;Prof. Dr. FlorentThouvenin, Co-Director of the Research Center for Information Law of the University of St. Gallen;J.D. Cynthia Anderfuhren-Wayne, attorney at law at Nobel & Hug attorneys at law Zurich;Zach Lerner, Legal Research Assistant with Youth and Media Project at Berkman Center for Internet & Society, Harvard University; and the JIPITEC Review Committee, for their helpful inputs and discussions. The views expressed in this publication are the sole responsibility of the authors.


Cf. e.g. Special Eurobarometer 359, Attitudes on Data Protection and Electronic Identity in the European Union, June 2011, p. 56 on the perceived risk of disclosing personal information.

[2] Cf. Official Journal L 281, 23/11/1995 P. 0031 – 0050.

[3] Cf. EC sets out strategy to strengthen EU data protection rules, IP/10/1462, Brussels, 10.11.2010; EC Frequently asked Questions on the Data Protection Reform, MEMO/10/542, Brussels, 10.11.2010.

[4] Viktor Mayer-Schönberger, Delete: The Virtue of Forgetting in the Digital Age, Princeton University Press 2009.

[5] Alessandro Mantelero, U.S. Concern about the Right to Be Forgotten and Free Speech: Much Ado about Nothing?, Contratto e Impressa. Europa Vol. 17 (2012) No. 2, pp. 727-740; Meg Leta Ambrose/JefAusloos, The Right to Be Forgotten Across the Pond, Journal of Information Policy, Vol. 3, 2013, pp. 1-23; Franz Werro, The Right to Inform vs. The Right to Be Forgotten: A Transatlantic Clash, in: Aurelia ColombiCiacchi/Christine Godt/Peter Rott/Leslie Jane Simth (eds.), HaftungsrechtimDrittenMillenium, Baden-Baden 2009, pp. 285-300; Laura Lagone, The Right to Be Forgotten: A Comparative Analysis, Working Paper Series, December 7th, 2012.

[6] Cf. e.g. Adam Thierer, California Eraser Button Passes, The Technology Liberation Front, September 26, 2013; Eric Goldman, California’s New ‘Online Eraser’ Law Should Be Erased, Forbes, September 24, 2014.

[7] Herbert Burkert, Privacy – Data Protection: A German/European Perspective, in: Engel Christoph/Keller Kenneth H. (eds.): Governance of Global Networks in the Light of Differing Local Values. Baden-Baden 2000, p. 46.

[8] Cf. also Huw Beverley-Smith/AnsgarOhly/Agnes Lucas-Schloetter, Privacy, Property and Personality: Civil Law Perspectives on Commercial Appropriation, Cambridge 2005, p. 207.

[9] Herbert Burkert, Changing Patterns – Supplementary Approaches to Improving Data Protection. A European Perspective, Presentation at CIAJ 2005 Annual Conference on Technology, Privacy and Justice, Toronto September 29-30, 2005, p. 4.

[10] Cf. Fred Cate/Viktor Mayer-Schönberger, Notice and consent in a world of Big Data, International Data Privacy Law 3 (2), 2013, pp. 67-73; Niko Härting/Jochen Schneider, Impulses for an Effective and Modern Data Protection System, JIPITEC 2011 (3), p. 197.

[11] Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions, A comprehensive approach on personal data protection in the European Union, Brussels, 4.11.2010, COM(2010) 609 final, p. 7.

[12] The concept of informational self-determination was developed by the German Federal Constitutional Court (“Bundesverfassungsgericht”) in 1983. In its famous Volkszählungsurteil the court declared some provisions of the revised Census Act as unconstitutional. It articulated the right to informational self-determination as the “authority of the individual to decide himself, on the basis of self-determination, when and within what limits information about his private life should be communicated to others.” Cf. Antoinette Rouvroy/Yves Poullet, The Right to Informational Self-Determination and the Value of Self-Development: Reassessing the Importance of Privacy for Democracy, in: Serge Gutwirth et al. (eds.), Reinventing Data Protection?, Springer 2009., pp. 45 et seqq.

[13] Cf. e.g. Napoleon Xanthoulis, Conceptualizing a Right to Oblivion in the Digital World: A human rights-based approach, research essay at University College London, May 2012, pp. 16 et seq., who argues that the right to be forgotten of the Draft Data Protection Regulation dated 25.1.2012, COM(2012) 11 final constitutes – with the exception of the extension in Art. 17 (2) – a tautology of the right to erasure of the Directive 95/46/EC; Interchangeably using the term “right of oblivion” and “right to be forgotten”: OvidiuVermesa/Peter Friess, Internet of Things – Global Technological and Social Trends, 2011 River Publisher, Denmark, p. 79; Cécile de Terwangne, Internet Privacy and the Right to Be Forgotten/Right to Oblivion, Revista de Internet, Derecheo Y Politica (IDP), Vol. 13, February 2012, pp. 109 et seq., Norberto Nuno Gomes de Andrade, Oblivion: The Right to Be Different… from Oneself – Reproposing the Right to Be Forgotten, IDP, Vol. 13, February 2012, pp. 122 et seq., GiusellaFinocchiaro/Annarita Ricci, Quality of Information, the Right to Oblivion and Digital Reputation, in: B. Custers et. al. (eds.), Discrimination and Privacy in the Information Society, Berlin 2013, pp. 289-299; Cédric Burton/Christopher Kuner/Anna Pateraki, The Proposed EU Data Protection Regulation One Year Later: The Albrecht Report, Bloomberg Privacy and Security Law Report, January 21, 2013 state that the right to be forgotten is viewed by the Albrecht Report (cf. chapter B.III.2) as an extension of the right to erasure.

[14] Cf. e.g. Ambrose/Ausloos, supra note 5, pp. 1-23, who distinguish between full deletion of public data (oblivion) and the removal of data processed by third parties (erasure); Rolf H. Weber, The Right to Be Forgotten: More Than a Pandora’s Box?, JIPITEC 2011 (2), pp. 120-130, who distinguishes between the active and passive verb tense; see also Antoinette Rouvroy, Réinventerl'artd'oublier et de se faire oublierdans la société de l'information?, in: StéphanieLacour (Ed.), La sécurité de l'individunumérisé. Réflexionsprospectives et internationales., Paris 2008, pp. 249-278.

[15] Paul Bernal, A Right to Delete, European Journal of Law and Technology (EJLT) 2011 (2) No. 2, p. 2.

[16] Cf. chapter C.II.1; chapter C.III.1.

[17] Ambrose/Ausloos, supra note5; p. 2;Mantelero, supra note 5, p. 728.

[18] The terminology “respect for privacy” is understood in this article as the overall idea of protecting an individual’s privacy (private life, private sphere, private communication, etc.). Some jurisdictions – as will be discussed throughout this article – have codified the “respect” into a right of privacy.

[19] Ambrose/Ausloos, supra note 5, p. 14.

[20] Ambrose/Ausloos, supra note 5, p. 14.

[21] Ambrose/Ausloos, supra note 5, p. 15.

[22] European Commission, Why do we need an EU data protection reform?, Factsheet 2012.

[23] Press Release, Speech Viviane Reding, Justice for Growth makes headway at today's Justice Council, SPEECH/13/29, 18.01.2013.

[24] Cf. e.g. Katy Steinmetz, Lucky Kids: California Gives Minors the Right to Delete Things They Put Online, Time, September 23, 2013; Thierer, supra note 6.

[25] Bert-JaapKoops, Forgetting Footprints, Shunning Shadows. A Critical Analysis of the “Right To Be Forgotten” in Big Data Practice, SCRIPTed, Vol. 8, No. 3, 2011, pp. 229-256, p. 232 et seq.

[26] Koops, supra note 25, pp. 233 et seq. as well as pp. 250 et seqq.

[27] Weber, supra note 14, pp. 120 et seq.

[28] Rouvroy, supra note 14, pp. 249-278.

[29] Ambrose/Ausloos, supra note 5, p. 14.

[30] Ambrose/Ausloos, supra note 5, p. 2.

[31] Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Brussels, 25.1.2012, COM(2012) 11 final; in combination with recital 6, 53 and 54.

[32] Council of the European Union, Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) – Key issues of Chapters I-IV, 2012/0011 (COD), n. 10227/13, Brussels, May 31, 2013, . The version of June 21, 2013 is available at: .

[33] European Parliament, Policy Department Economic and Scientific Policy, Reforming the Data Protection Package, Study 2012, p. 60.

[34] The right to object as provided for in Art. 14 Directive 95/46 is limited to scenarios in which the procession was lawful only due to outweighing interests of the public or the controller (Art. 7 (e) and (f) Directive 95/46/EC); cf. Damian George/Aurelia Tamò, EinEuropäischesRecht auf Vergessen – eineSchweizerPflichtzumLöschen?, in: Sandra Brändli/Roman Schister/Aurelia Tamò (eds.), MultinationaleUnternehmen und InstitutionenimWandel – Herausforderungen für Wirtschaft, Recht und Gesellschaft, Bern 2013, p. 49.

[35] Cf. 17, (3) Regulation.

[36] Cf. 17, (3), (a) (b) and (d) Regulation.

[37] This provision is of special interest because Art. 14 of the Directive 95/46/EC – which already obliges Member States to introduce a right to object to the processing of personal data– goes less far: The scope of Art. 14 in combination with Art. 7 (e) and (f) were not applicable in cases in which the data subject wanted to withdraw his previously given consent. Ulrich Dammann/Spiros Simitis, EG-Datenschutzrichtlinie Kommentar, Baden-Baden 1997, Art. 14 N 2.

[39] Compare Regulation, supra note 31, with the draft version of June 21, 2013, supra note 32.

[40] Despite the European Union not being a member of the ECHR, it accedes its provisions according to Art. 6 par. 2 Treaty on the European Union.

[41] Rolf H. Weber/Markus Sommerhalder, Das Recht der personenbezogenen Information, Zurich 2007, p. 97.

[42] Cf. ECJ, Case 101/01,Lindqvist, [2003] para. 86.

[43] Dammann/Simitis,supra note 37, Art. 12 N 16; Eugen Ehmann/Marcus Helfrich, EG-Datenschutzrichtlinie Kurzkommentar, Köln 1999, Art. 12 N 52 et seqq.

[44] Dammann/Simitis, supra note 37, Art. 12 N 16.

[45] Dammann/Simitis, supra note 37, Art. 12 N 16.

[46] Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Official Journal L 201 , 31/07/2002 P. 0037 – 0047.

[47] Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’), Official Journal L 178 , 17/07/2000 P. 0001 – 0016.

[48] Cf. also Recital 22, 23, 26, 27, 28 of the Directive 2002/58/EC.

[49] Google Spain SL, Google Inc. v. Agencia Española de Protección de Datos, Mario Costeja González, ECJ, C-131/12, Reference to a preliminary ruling from the Audiencia Nacional 9.3.2012; the term “right to be forgotten” is understood as a right according to which “information should not be known to internet users when he considers that it might be prejudicial to him or he wishes it to be consigned to oblivion, even though the information in question has been lawfully published by third parties”.

[50] Georgios Gounalakis, Privacy and the Media – A comparative perspective, Munich 2000, p. 74.

[51] Official French title: Loi du 29 juillet 1881 sur la liberté de la presse.

[52] Beverley-Smith/ Ohly/ Lucas-Schloetter, supra note 8, p. 149.

[53] Beverley-Smith/ Ohly/ Lucas-Schloetter, supra note 8, p. 150; Mara Chromik, Die Entscheidungskriterien des Zivilrechts bei der Abwägung von Privatsphärenschutz und öffentlichem Informationsinteresse: Eine rechtsvergleichende Untersuchung zum deutschen, französischen und spanischen Recht, Munich 2011, pp. 3-4.

[54] Roseline Letteron, Droit à l'oubli, Revue de droit public de la science politique en France et à l'étranger, 1996 n° 2, p. 385-4243, p. 415, 419.

[55] Letteron, supra note 54, p. 423.

[56] Cour d’Appel de Paris, 15.3.1967, Delle Segret, c. Soc. Rome Paris Film, JCP 1967, 15107; cf. FrançcoisRigaux, La protection de la vie privée et des autres biens de la personnalité, Bruxelles/Paris 1990, p. 462 N. 403.

[57] Court d’Appel de Paris, 13.10.1981, D. 1983, jur., 421.

[58] Tribunal de grande instance de Paris, 6.5.1983, D. 1984, jur., 14, Papon.

[59] Beverley-Smith/ Ohly/ Lucas-Schloetter, supra note 8, p. 174.

[60] Beverley-Smith/ Ohly/ Lucas-Schloetter, supra note 8, p. 178, with reference to case law in Fn. 130.

[61] Cass.civ. 1°, 20.11.1990, Mme. Monanges c. Kern, JCP II, 21908; decision available in French at: ; For an in-depth analysis,cf: Letteron, supra note 54, pp. 385 et seqq.; Beverley-Smith/ Ohly/ Lucas-Schloetter, supra note 8, p. 179.

[62] Tribunal de grande instance de Paris, 8.9.2010, M.X. vs. Google and Eric Schmidt, decision available in French at: .

[63] Court d’appel de Paris, 9.12.2009, Direct Energie vs. Google, decision available in French at: .

[64] Court d’appel Paris 14.12.2011, Lyonnaise de Garantie vs. Google and Eric Schmidt,decision in Frenchavailable at:

[65] Weber, supra note 14, p. 123.

[66] Christiane Féral-Schuhl, Cyberdroit – Le droit à l’épreuve de l’Internet, 6thEdition., Paris 2010, p. 35.

[67] Cf. Loi n°2004-801 du 6 août 2004 relative à la protection des personnes physiques à l’égard des traîtments de données à carctère personnel physiques et modifiant la loi n°78/17 du 6 janvier 1978.

[68] Cf. e.g. caseCourt d’appel de Paris, 9.12.2009, Direct Energie vs. Google,based on Arts. 1382-1384 French Civil Code.

[69] Tribunal de grande instance de Montpellier, 28.10.2010, Mme. C. v. Google, decision in French available at: .

[70] Tribunal de grande instance de Paris 15.2.2012, Diana Z. v. Google, decision in French available at: .

[71] Loi n° 2004-575 du 21 juin 2004 pour la confiancedansl'économienumérique; Art. 6 is the implementation of Art. 14 of the Directive 2000/31/EC into French law; Federica Casarosa, Wikipedia: Exemption from Liability in Case of Immediate Removal of Unlawful Materials, SCRIPTed Vol. 6, Issue 3, 2009, pp. 670-676, pp. 671 et seqq.

[72] Casarosa,supra note 71, pp. 671 et seqq.

[73] Féral-Schuhl, supra note 66, p. 801.

[74] High Court of Justice, Mosley v. News Group Newspapers [2008] EWHC 1777 (QB), available at: ; Ordonnance de Tribunale de grande instance de Paris, 29.4.2008, unpublished.

[75] Tribunal de grande instance de Paris, 6.11.2013, RG 11/07970,Max M. v. Google Inc. and Google France, decision in French available at: .

[76] Beverley-Smith/Ohly/Lucas-Schloetter, supra note 8, pp. 100 et seqq; The existence of this general personality right was contested for a very long time. It was claimed that only certain aspects of the right to personality such as the right to one’s name or image could enjoy legal protection;cf. Ansgar Staudinger, in: Hk-BGB, 7th Edition, § 823 N 90, Baden-Baden 2012.

[77] Chromik, supra note 53, p. 4 et seq.

[78] Emanuel H. Burkhardt, Chapter 5, in: Wenzel et al. (eds.), Das Recht der Wort- und Bildberichterstattung, 5thEdition, Köln 2003, pp. 135 et seqq.

[79] Cf. e.g. § 12 German Civil Code, which protects a right to one’sname; §§ 22, 23 of the (Artistic Copyright Act), which guarantee a right to one’s image are such specific provisions; §§ 185, 186 of the Criminal Code which is called upon when defamatory actions have occurred.

[80] This article does not account for an exhaustive discussion of all the case law but restricts its focus on selected court rulings.

[81] Cf. e.g. Bundesverfassungsgericht, 30, 173, 24.3.1971, Mephisto, decision available in German at: . In this decision, the right of oblivion of a deceased “public figure” was demanded by a family member. The publication of the book in which the fictional story was told was prohibited based on the argument that the family member’s privacy was infringed upon by such a publication. Moreover, the court refused to assess the freedom of expression since “arts and expression are two different things”.

[82] Cf. Bundesverfassungsgericht, 35, 202, 5.6.1973, Lebach I, decision available in German at: .

[83] Bundesverfassungsgericht, 1 BvR 348/98, 25.11.1999, Lebach II, decision in German available at: .

[84] Kammergericht Berlin, 9 W 132/01, 19.10.2001, AfP 2001, 561, Hooligan, decision in German available at: .

[85] Kammergericht Berlin, 9 W 132/01, 19.10.2001, AfP 2001, 561, Hooligan, decision in German available at: .

[86] Oberlandesgericht Frankfurt am Main, 16 W 54/06, 20.9.2006, decision in German available at:

[88] Bundesgerichtshof, VI ZR 227/08, 15.12.2009, Sedlmayr, ( ), decision in German available at: .

[89] Bundesgerichtshof, VI ZR 245/08, 20.4.2010 (; Bundesgerichtshof, VI ZR 346/09, 22.2.2011 (; Bundesgerichtshof, VI ZR 243/08, 9.2.2010 (; Bundesgerichtshof, VI 217/08, 8.5.2012 (

[90] Bundesgerichtshof, VI ZR 191/08, 26.5.2009, Kannibale von Rothenburg, decision in German available at: .

[91] Court d’Appel de Paris, 15.3.1967, Delle Segret, c. Soc. Rome Paris Film, JCP 1967, 15107.

[92] Negotiated from 1970 until 1977, the BDSG was later revised in 1990 and again in 2001, incorporating the Union provisions of the Directive 95/46/EC; cf. Spiros Simitis, Einleitung: Geschichte – Ziele – Prinzipien, in: Spiros Simitis (ed.), Bundesdatenschutzgesetz – Kommentar, 7thEdition, Baden-Baden 2011, pp. 77 et seqq.

[93] Cf. § 35 (5) BDSG.

[95] Bundesgerichtshof, VI ZR 196/08, 23.6.2009, decision in German available at: .

[96] Based on §§ 823 par. 1, 1004 par. 1 S. 2 BGB analogous in connection with Art. 1, 2 par. 1 GG, resp. §§ 1004 par. 1, 823 par. 2 BGB in connection with § 186 StGB.

[97] Oberlandesgericht Hamburg, 3 U 67/11, 26.5.2011, decision in German available at: .

[98] Oberlandesgericht München, 29 U 1747/11, 29.9.2011, decision in German available at:

[99] Cf. Niko Härting, Bettina Wulff klagt gegen Google - Aus der Einbahnstrasse in die Sackgasse, Legal Tribune Online, 10.9.2012, available at: .

[100] Oberlandesgericht Köln, 15 U 199/11, 10.5.2012, decision in German available at: .

[101] Bundesgerichtshof, VI ZR 269/12, 14.5.2013, Scientology, decision in German available at: ; the High Court of Cologne subsequently applied the legal reasoning. While the suggestions were deemed to be privacy infringing, the claim for damages was denied. Cf. Oberlandesgericht Köln, Az. 15 U 199/11, 08.04.2014, decision in German available at: .

[102] Cf. AlessioZaccaria/MirkoFaccioli, The Protection of Personality Rights against Invasions by Mass Media in Italy, in: Helmut Koziol/Alexander Warzilek (eds.), Tort and Insurance Law Vol. 13 on the Protection of Personality Rights against Invasions by Mass Media, Vienna 2005, p. 184. They state that “the right to privacy is one of the personality rights that (albeit not expressly governed by law) has been envisaged by legal authors and case law”; Massimo Farina/FabrizioVoltan, La nuova privacy, Florì 2011, pp. 6 et seqq.; GerolamoPellicanò/Giovanna Boschetti, Italy, in: Monika Kuschewsky/ Van Bael& Bellis, Data Protection and Privacy, London 2012, p. 261.

[103] Cf. Christian von Bar/Ulrich Dobing, The Interaction of Contract Law and Tort and Property Law in Europe: A Comparative Study, Munich 2004, pp. 33 et seqq.; cf. also: Comparative Study on the Situation in 27 Member States as Regards the Law Applicable to Non-contractual Obligations Arising out of Violations of Privacy and Rights Relating to Personality, Annex III, pp. 87 et seqq., available at: .

[104] Guisella Finocchiaro, Privacy e protezione dei dati personali – Disciplina e strumenti operative, Bologna 2012, p. 6.

[105] Codice in materia di protezione dei dati personali, Decreto legislativo 30 giugno 2003, n. 196. This code replacedthe previous Legislative Decree n. 675, 1996; cf. also Farina/Voltan, supra note 102, pp. 6 et seqq.

[106] Cf. also Art. 11, (1c) of the Legislative Decree 2003/196.

[107] Cf. Elena Bassoli, Art. 7 – Diritto di accesso ai dati personali ed altri diritti, in: Guiseppe Cassano/Stefano Fadda (eds.), Codice in material di protezione dei dati personali, Commento articolo per articolo al testo unico sulla privacy D.legs. 30 giugno 2003, n. 196, Milano 2004, p. 67.

[108] Cf. Stefano Farra, Art. 11 – Regole generali per il trattamento dei dati, in: Guiseppe Cassano/Stefano Fadda (eds.), Codice in material di protezione dei dati personali, Commento articolo per articolo al testo unico sulla privacy D.legs. 30 giugno 2003, n. 196, Milano 2004, p. 92 citing Guilio Napolitano, Il diritto all’oblio esiste (ma non si dice), in Dir. inf., 1996, pp. 427 et seq.; cf. also Guiseppe Cassano, Il Diritto All’Oblio Nella Era Digitale, in: Guiseppe Cassano/Guido Scorza/Guiseppe Vaciago (eds.), Diritto Dell’Internet: Manuale Operativo, Wolters Kluwer Italia 2013, pp. 45 et seqq.

[109] Cf. Stefano Farra, supra note 108, p. 92.

[110] Elena Falletti, L’Evoluzione Del Concetto Di Privacy E Della Sua Tutela Giuridica, in: Guiseppe Cassano/Guido Scorza/Guiseppe Vaciago (eds.), Diritto Dell’Internet: Manuale Operativo, Wolters Kluwer Italia 2013, pp. 22 et seqq.; Farina/Voltan, supra note 102, pp. 6 et seqq. ; cf. also GianLuca Pedrazzini, Privacy,in Alberto Clerici (ed.), Manuale di Informatica Giuridica, Milano 2013, pp. 297 et seqq.

[111] Cf. with respect to rectification the Legislative Decree n. 47, 1948 (“Legge 8 febbraio 1948, n. 47, Disposizioni sulla stampa”); cf. also below the rectification right in the data protection act of Italy; cf. Finocchiaro, supra note 104, pp. 8 et seqq. stating, among others, that the Italian Supreme Court has established a right to be left alone in 1975 and that the right of reputation not only has close ties with the penal norms dealing with defamation but is also interlinked with the civil right of honor.

[112] Cf. Finocchiaro, supra note 104, pp. 16 et seq.

[113] Guiseppe Cassano, supra note 108, pp. 45 et seqq.

[114] Cf. Finocchiaro, supra note 104, p. 18; cf. also Cassano, supra note 108, pp. 45 et seqq., stating that the normative fundament of the right of oblivion in data protection law is found today in Art. 11 Legislative Decree 2003/196 (cf. paragraph below); Falletti, supra note 110, pp. 30 et seqq.

[115] Cf. Finocchiaro, supra note 104, pp. 18 et seq.

[116] Legislative Decree n. 47, 1948 (Legge 8 febbraio 1948, n. 47, Disposizioni sulla stampa).

[119] Supra note 107;Translation by GiusellaFinocchiaro, Italian Supreme Court: the right to oblivion to be protected with newspaper archive updates, April 23, 2012,

[120] Cf. Art. 11 (1c) Legislative Decree 2003/196.

[121] Cf. Italian Data Protection Authority, Oblivion Rights, ; Finocchiaro/Ricci, supra note 11, pp. 289 et seq.

[122] Robot Meta Tags allow programmers to control how a webpage should be indexed and served to users in the search engine’s results. An explanation for how programmers may use Robot-Meta Tags to control page indexation is provided by Google, February 17, 2012, .

[123] Italian Data Protection Authority, Decision December 11, 2008, Archivi storici on line dei quotidiani: accoglimento dell'opposizione dell'interessato alla reperibilità delle proprie generalità attraverso i motori di ricerca, Doc. 1583162, online: ; cf. also Finocchiaro, supra note 90, p. 21.

[124] Tribunale Ordinario di Milano, 31.3.2011, 10847/2011, Padova Maria Louisa, Google Inc Vs. Monanaro Romolo,

[125] Tribunale Ordinario di Milano, 25.3.2013, 68306/2012,

[126] This decision is in line with similar cases handled in other jurisdictions to which the Court expressly referred; among others, the Swiss Jura Cantonal Court, 12.02.2011 available in French at; cf. Marco Bellezza/Federica De Santis, Google not liable for Autocomplete and Related Searches results, Italian court rules, EU Regulatory, April 5, 2013,

[127] Cf. Is the EU compelling Google to become, Jonathan Zittrain, available at: .

[128] Jonathan Zittrain, Don’t Force Google to Forget, available at: ; Spain's everyday internet warrior who cut free from Google's tentacles, The Guardian, May 13, 2014 available at: .


Fulltext as PDF. ( Size 358.2 kB )


Any party may pass on this Work by electronic means and make it available for download under the terms and conditions of the Digital Peer Publishing License. The text of the license may be accessed and retrieved at

JIPITEC – Journal of Intellectual Property, Information Technology and E-Commerce Law

Subscribe to our newsletter