Private Law Research

Referees 2023

Referees

Referees 2021

Referees

Referees

Current Issue

By Issue

By Author

By Subject

Author Index

Keyword Index

About Journal

Aims and Scope

Publication Ethics

Indexing and Abstracting

Related Links

FAQ

Peer Review Process

Journal Metrics

News

The Scope of Applying the Right to Be Forgotten in Cyberspace, Focusing on the European Court of Justice Jurisprudence

Document Type : Research Paper

Authors

1 Associate professor of faculty of law of Qom university. Qom, Iran.

2 Ph.D. student in iPhD. Student of International Law, faculty of law of Qom university. Qom, Iran.

Abstract

The right to be forgotten, which is the ability of the data subject to request the deletion of personal data related to him/her from the servers of cyberspace processors, has been respected as one of the most fundamental rights of cyberspace users in the European legal system. However, there are differences in legal documents and judicial procedures regarding the manner and scope of application of this right by this system. Therefore, after examining the European General Data Protection Regulation document, the judicial procedure of the European Court of Justice in two of the most important cases related to the scope of application of this right, the following results are obtained:
- The right to be forgotten applies only to personal data and processors are not required to delete other data that do not have this feature.
- If personal data have been anonymized using technical methods and means, in such a way that the identity of the data subject can no longer be established using common and conventional methods and means, the right to be forgotten will not be possible.
- Despite the apparent similarity in the processing operations, the right to be forgotten should not be confused with the right to restrict access and processing, because the result of the first right is the complete deletion of the user's personal data from the processor's servers and all related third-party contractors and service providers, while the result of the second right is only the imposition of restrictions on the transfer and disclosure of personal data to processors and third-party contractors, and in this case, the personal data of individuals will still be in the possession of the primary processor.
- The case law of the European Court of Justice indicates that, despite the supremacy of European law over the national laws of the member states and the elimination of economic borders in this Union, the application of the General Data Protection Regulation in two important cases related to Google concerns the exercise of this right only in the cyberspace of the applicant's country of residence. In other words, despite the possibility of exercising cross-border jurisdiction by the European Court of Justice, which was previously mentioned, according to this judicial institution, it is possible for European users to enjoy this right only within the territory of their country of residence, and the Court has not extended the removal of links related to the data subjects to the entire geographical area of Europe or to the entire cyberspace of the world.
- It should be noted that while the Court in the two judgments of Gonzalez and the French Observer defines the geographical scope of the right to be forgotten as the territory of the Member State of the Union, as was pointed out in the Pizczek case, it does not bind the Member States to issue a non-referral order on a global scale and, if the Member State observes the relevant considerations in order to protect the fundamental rights of the data subject, it has the right to take a decision on such a scale.
- From the Court's perspective, criteria such as the role of the data subject in social life, the nature of the data in question, and the balance of the data subject's fundamental rights to private life and the public right to access information should be taken into account when authorizing the issuance of a non-referral order, and these criteria also have a direct impact on the determination of the scope of the right to be forgotten by the courts of the Member States and the Union.
Finally, it seems that the European Court of Justice, regarding the scope of application of this right, first examines the mentioned criteria by considering the unique circumstances of each case and finally balances the individual's right to data protection and privacy against the public's right to freedom of access to information; then, if the fundamental right of the data subject to have a private life takes precedence over the public right to freedom of information and expression, it orders their deletion on various scales, whether regional or global, depending on the individual's social personality and the nature of the data. However, if all the conditions for deleting links related to the individual are not met, a non-referral order may not even be issued. Finally, given the importance of the General Regulation document in today's cyberspace, as well as the practice of the Union's supervisory institutions, including national supervisors, the European Data Protection Board, and the courts of the member states and the Union, in preventing access to user data and communication with official Union platforms, in addition to imposing heavy financial fines, as a result of non-compliance with the provisions of the said document and lack of coordination with Union laws, and also considering the cross-border applicability of the provisions of the said document and the procedure that the Union has taken to maximally support this unique feature, it seems that all non-member countries (such as Iran) that intend to exchange information with Union member states, access the data of European citizens, or provide services within the Union should take the necessary measures to synchronize themselves with Union regulations and update their national data protection organizations and laws in this regard, so as to both benefit from the benefits of cooperation with global platforms and limit the application of foreign Union laws in their territory by formulating national laws

Keywords

Main Subjects

References
Abril, Patricia Sanchez and Lipton, Jacqueline D., The Right to be Forgotten: Who Decides What the World Forgets?, Kentucky Law Journal: Vol. 103: Iss. 3, 2014.
David, Erdos, The ‘right to be forgotten’ beyond the EU: an analysis of wider G20 regulatory action and potential next steps, Journal of Media Law, 2021. https://doi.org/10.1080/17577632.2021.1884947
ECJ, JUDGMENT OF THE COURT (Grand Chamber), JUDGMENT OF 13. 5. 2014 — CASE C-131/12 GOOGLE SPAIN AND GOOGLE, (Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD), Mario Costeja González).
ECJ, JUDGMENT OF THE COURT (Grand Chamber), JUDGMENT OF 6. 10. 2015 — CASE C-362/14, (Maximillian Schrems v Data Protection Commissioner).
ECJ, JUDGMENT OF THE COURT (Grand Chamber), JUDGMENT OF 24. 9. 2019 — CASE C-507/17, GOOGLE (TERRITORIAL SCOPE OF DE-REFERENCING), (Google LLC, successor in law to Google Inc. v Commission nationale de l’informatique et des libertés (CNIL)).
ECJ, JUDGMENT OF THE COURT (Grand Chamber), JUDGMENT OF 16. 7. 2020 — CASE C-311/18 FACEBOOK IRELAND AND SCHREMS, (Data Protection Commissioner v Facebook Ireland Ltd, Maximillian Schrems).
ECJ, JUDGMENT OF THE COURT (Third Chamber) of 3 October 2019, Eva Glawischnig-Piesczek v Facebook Ireland Limited, Case C-18/18.
Eugenia, Politou and Alexandra, Michota, Backups and the right to be forgotten in the GDPR: An uneasy relationship, Computer Law & Security Review, Volume 34, Issue 6, December 2018. https://doi.org/10.1016/j.clsr.2018.08.006
European Court of Human Rights, GRAND CHAMBER, (CASE OF AXEL SPRINGER AG v. GERMANY), 7 February 2012.
European Court of Human Rights, First Section, (CASE OF BIANCARDI v. ITALY), 25 November 2021.
European Court of Human Rights, GRAND CHAMBER, (CASE OF HURBAIN v. BELGIUM), 4 July 2023.
European Data Protection Directive (1995).
European Court of Human Rights, First Section, (CASE OF BIANCARDI v. ITALY), 25 November 2021.
European Court of Human Rights, GRAND CHAMBER, (CASE OF AXEL SPRINGER AG v. GERMANY), 7 February 2012.
European Court of Human Rights, GRAND CHAMBER, (CASE OF HURBAIN v. BELGIUM), 4 July 2023.
European General Data Protection Regulation (2016), Regulation (EU) 2016/679.
Fabbrini, Federico and Edoardo, Celeste, The Right to Be Forgotten in the Digital Age: The Challenges of Data Protection Beyond Borders, German Law Journal 21, no. 1, 2020. https://doi.org/10.1017/glj.2020.14.
Garg, S., Goldwasser, S., Vasudevan, P.N., Formalizing Data Deletion in the Context of the Right to Be Forgotten. In: Canteaut, A., Ishai, Y. (eds) Advances in Cryptology – EUROCRYPT 2020. EUROCRYPT 2020. Lecture Notes in Computer Science, vol 12106. Springer, Cham, 2020.
GUIDELINES ON THE IMPLEMENTATION OF THE COURT OF JUSTICE OF THE EUROPEAN UNION JUDGMENT ON “GOOGLE SPAIN AND INC V. AGENCIA ESPAÑOLA DE PROTECCIÓN DE DATOS (AEPD) AND MARIO COSTEJA GONZÁLEZ” C-131/12, Adopted on 26 November 2014
https://curia.europa.eu/juris/document/document.jsf?docid=48382&doclang=en
https://eitaa.com/privacy/;
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62012CJ0131.
https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:62017CJ0507.
https://gdpr-info.eu/recitals/no-66
https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5.
https://oag.ca.gov/privacy/ccpa#:~:text=As%20of%20January%201%2C%202023,personal%20information%20collected%20about%20them.
https://rubika.ir/policy;
https://splus.ir/p/privacy
https://www.congress.gov/bill/106th-congress/senate-bill/900?q=%7B%22search%22%3A%5B%22s.+3273%22%5D%7D, (Public Law No: 106-102);
https://www.congress.gov/bill/107th-congress/house-bill/2458, (Public Law No: 107-347);
https://www.congress.gov/bill/108th-congress/house-bill/2622?q=%7B%22search%22%3A%22H.R.+2%22%7D&s=1&r=53, (Public Law No: 108-159);
https://www.digikala.com/page/privacy/.
https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-312#312.10.
https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act;
https://www.ftc.gov/legal-library/browse/statutes/fair-accurate-credit-transactions-act-2003;
https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html#:~:text=The%20Health%20Information%20Technology%20for,use%20of%20health%20information%20technolog;
https://www.justice.gov/opcl/e-government-act-2002.
https://www.law.cornell.edu/uscode/text/15/1681.
https://www.law.cornell.edu/uscode/text/15/6801
https://www.law.cornell.edu/uscode/text/42/300jj.
https://www.law.cornell.edu/uscode/text/44/3501.
Hunter, Criscione, Forgetting the Right to be Forgotten: The Everlasting Negative Implications of a Right to be Dereferenced on Global Freedom in the Wake of Google v. CNIL, 32 Pace Int'l L. Rev. 315, 2020. https://doi.org/10.58948/2331-3536.1400
Jeffrey, Rosen, THE RIGHT TO BE FORGOTTEN, 64 STAN. L. REV. ONLINE 88, 2012.
Jones, Meg and Ausloos, Jef, The Right to Be Forgotten Across the Pond, Journal of Information Policy, Volume 3, 2013. https://doi.org/10.5325/jinfopoli.3.2013.0001
Jure, Globocnik, The Right to Be Forgotten is Taking Shape: ECJ Judgments in GC and Others (C-136/17) and Google v CNIL (C-507/17), GRUR International, Volume 69, Issue 4, 2020.
Robert, Kirk Walker, Note – The Right to Be Forgotten, 64 Hastings L.J. 257, 2012.
Susi, Mart, "The Right to Be Forgotten" In the Cambridge Handbook of New Human Rights: Recognition, Novelty, Rhetoric, edited by Andreas Von Arnauld, Kerstin Von Der Decken, and Mart Susi, 287-99. Cambridge: Cambridge University Press, 2020.
Tiffany Li, Eduard Fosch Villaronga & Peter Kieseberg, Humans Forget, Machines Remember: Artificial Intelligence and the Right to Be Forgotten, in 34 Computer Law & Security Review 304, 2018.
 
Translated Persian References
Eslami, Reza and Faizi, Farinaz, "The right to be forgotten and the challenges facing it", Legal Journal, 80 (94), (2015). [In Persian]
Qabouli Darafshan, Seyyed Mohammad Hadi and others, "The right to be forgotten on the scales: a need caused by virtual space or a threat to freedom of expression!", Public Law Research, 19(58), (2017). [In Persian]
Gholami, Nabiollah and Moazen Zadegan, Hassan Ali, "The right to be forgotten; From Conceptology to its Challenges", Islamic Law, 14(54), (2016). [In Persian]
Hadizadeh, Zohre, the right to be forgotten, a new example of human rights, Master's thesis, Faculty of Law, (Qom University, 2016). [In Persian]
Sharifi Kia, Mohammad Ali, the right to protect personal information in the cyber space, with emphasis on the European Union's personal data protection directive, Master's thesis, Faculty of Law, (Farabi Faculty of Tehran University, 2019). [In Persian]
Sharifi Kia, Mohammad Ali and Shabani Jahormi, Farideh, "Extraterritorial applications of the European Law of Personal Data Protection in America", Iranian Journal of International Politics, 12 (1), (2023). [In Persian]
Sharifi Kia, Mohammad Ali and Shabani Jahormi, Farideh, "The condition of data being considered personal in the cyberspace, a comparative study of the European general regulations on data protection and Iranian rights", "Private Laws" Scientific Journal, 19(1), (2022). [In Persian]
Zamani, Seyyed Ghasem and Attar, Shima, "Human rights and the right to be forgotten in the era of modern information technologies", International Legal Journal, 33(No. 55 (Autumn-Winter)), (2016). [In Persian]
 
 
Private Law Research
Volume 12, Issue 47
July 2025
Files
Share
How to cite
Statistics