'The Right to Be Forgotten as a Fundamental Right in the UK After Brexit' by Stergios Aidinlis in (2020) 25(2)
Communications Law comments
Will Brexit diminish digital rights protection in the UK or are domestic institutions better-placed to deliver such protection unencumbered by the oversight of EU institutions? This article scrutinises the validity of conflicting arguments about the future of human rights protection in the UK by reference to a paradigmatically ‘European’ digital right, the right to be forgotten (RTBF). Having considered the interplay between the multiple layers of UK law that an RTBF claim involves, the article argues that some legal implications of Brexit will have a graver impact on digital rights protection than others. In respect of EU law no longer being supreme in the UK, the analysis offered here calls for more nuance in critical arguments about losing fundamental protections when it comes to the RTBF. Brexit, however, will erode the protection of the RTBF in the longer term as a result of the loss of EU law’s direct effect. The scope of the ‘British RTBF’ will be gradually developed as ‘narrower’ compared to EU member states due to fundamental differences between the UK and European conceptions of privacy. The central place of ‘reasonable expectations’ of the data subject within the UK privacy conception, it is argued, sits at odds with social realities related to the RTBF and, thus, raises significant risks for the robust protection of the right in the future.
'The Right to Be Forgotten in the Digital Age: The Challenges of Data Protection Beyond Borders' by Federico Fabbrini and Edoardo Celeste in (2020) 21(s1)
German Law Journal 55-65 comments
This article explores the challenges of the extraterritorial application of the right to be forgotten and, more broadly, of EU data protection law in light of the recent case law of the ECJ. The paper explains that there are good arguments for the EU to apply its high data protection standards outside its borders, but that such an extraterritorial application faces challenges, as it may clash with duties of international comity, legal diversity, or contrasting rulings delivered by courts in other jurisdictions. As the article points out from a comparative perspective, the protection of privacy in the digital age increasingly exposes a tension between efforts by legal systems to impose their high standards of data protection outside their borders – a dynamic which could be regarded as ‘imperialist’ – and claims by other legal systems to assert their own power over data – a dynamic which one could name ‘sovereigntist’. As the article suggests, navigating between the Scylla of imperialism and the Charybdis of sovereigntism will not be an easy task. In this context, greater convergence in the data protection framework of liberal democratic systems worldwide appears as the preferable path to secure privacy in the digital age.
'As Darkness Deepens: The Right to be Forgotten in the Context of Authoritarian Constitutionalism' by Matthias Goldmann at 45-54 in the same issue comments
There is no point in denying the significance of the Right to be forgotten for the state of judicial dialogue in Europe. It vindicates the position of the BVerfG as a court deserving international recognition for advancing the law in the crucial field of data protection. Nevertheless, restricting the scope of analysis to the narrow context of judicial dialogue misses the wider context of the rise of authoritarian constitutionalism in certain EU Member States. In this respect, it is of the highest significance that the decisions on the Right to be forgotten effectively eliminate the imagined normative hierarchy between domestic and EU law that provided the basis for the BVerfG’s jurisprudence ever since Solange I and Maastricht. Moreover, by reasserting the primacy of EU law, the BVerfG strengthens the position of embattled judges in Poland facing disciplinary action for implementing the primacy of EU law. The concern shown by some members of the First Senate for the situation in Poland corroborates this reading.
'Some Kind of Right' by
Jud Mathews at 40-44 argues
The Right to Be Forgotten II crystallizes one lesson from Europe’s rights revolution: persons should be able to call on some kind of right to protect their important interests whenever those interests are threatened under the law. Which rights instrument should be deployed, and by what court, become secondary concerns. The decision doubtless involves some self-aggrandizement by the German Federal Constitutional Court (GFCC), which asserts for itself a new role in protecting European fundamental rights, but it is no criticism of the Right to Be Forgotten II to say that it advances the GFCC’s role in European governance, so long as the decision also makes sense in the context of the European and German law. I argue that it does, for a specific reason. The Right to Be Forgotten II represents a sensible approach to managing the complex pluralism of the legal environment in which Germany and other EU member states find themselves.
'Google LLC v. Commission Nationale de l’informatique et des Libertés (CNIL)' by Monika Zalnieriute in (2020) 114(2)
American Journal of International Law comments
In Google LLC v CNIL, the Court of Justice of the European Union (CJEU or Court) held that the EU law only requires valid ‘right to be forgotten’ ‘de-referencing’ requests to be carried out by a search engine operator on search engine versions accessible in EU Member States, as opposed to all versions of its search engine worldwide. The ruling has been perceived as a ‘win’ for Google and other interveners, such as Microsoft and the Wikimedia Foundation, who argued against worldwide de-referencing; while the Court has been praised for its restraint in finding that the current EU law on the ‘right to be forgotten’ only applies within the EU. However, the CJEU went further and recognized the EU Parliament’s ability to extend the GDPR to apply extraterritorially and Member States’ ability to apply national de-referencing laws beyond their borders. Moreover, the CJEU appears to have reached these conclusions at the expense of the GDPR’s aims to harmonize the data protection framework across the EU. The decision allows Member States to decide individually the territorial scope of de-referencing obligations, thus creating the potential for different results based on where the requester resides. By creating the potential for national data protection authorities to apply stronger protections than those afforded by the GDPR, this decision could be seen as another brick in the ‘data privacy wall’ which the CJEU has built to protect EU citizens. This note thus argues that Google LLC v CNIL’s significance can only be understood by situating it in the broader context of CJEU’s recent data privacy decisions, which reveals the continued forcefulness of the CJEU’s stance on data protection after Snowden and Cambridge Analytica scandal.