The situation with we deal starts from the appeal of a professor to the personal data protection authority in order to ask Google the erasure from the list of the result of the browser of 26 URLs arose typing his own name and surname.
These URLs were linked to anonymous messages or short articles that he considered offensive to his dignity and reputation, published in forums or amateur websites containing information related to his presumed health status and supposed crimes linked to his career, that in realty he never committed or even had been suspected.
The Authority, by judgement issued on December 21, 2017, allowed the application and ordered Google the complete deindexing of the 26 URLs. The decision took account of the guidelines of the Working Party 29 issued after the case Google Spain (WP225) in connection to personal campaigns against a specific subject in the form of a “rant” or personal unpleasant or inexact comments in real terms.
The provision was challenged by Google which opposed the decision supporting the incompetence of the Authority and remit the application to the ordinary judicial Authority.
The court of Milan by judgement no. 7846 of September 5,2018 reaffirmed the competence of the personal data protection authority for what concerns the evaluation of the lawfulness of the processing started with the diffusion of data related to the applicant from which “it is possible to verify if there is an offense to the right to the correct processing of personal data and to the right to honor, good reputation and image”.
Basically, the judgment of the Authority in connection to the honor and the reputation detects only as “consequence of the offence to the personal identity realized by an illicit processing of the personal data”.
Thus, the browser has to defend itself only in relation to the correctness of the processing made by indexing and not also to the defamatory character of the content diffused by third parties.
The Court considered to grant the deindexing to protect the right to disassociate the name from a specific result of the search because “the reduction of the online visibility represents a functional aspect of the right to personal identity, that is not the right to be forgotten, that implies and asks for an evaluation of different interests involved: the one of the person not to be found online and the one of the browser”.
The deindexing happens when is concerned the protection of the exactness of the data processed, even if the temporal criteria requested is not detected as fundamental element of the right to be forgotten.
The right to be forgotten is disciplined by art. 17 of European Regulation 2016/677 and is part of the rights guaranteed and exercisable by each data subject. Recital 66 also deals with it, and although it is not a provision of equal normative force, it is not of lesser importance.
The right to be forgotten is disciplined by art. 17 of European Regulation 2016/677 and is part of the rights guaranteed and exercisable by each data subject. Whereas 66 also deals with it, and although it is not a provision of equal normative force, it is not of lesser importance.
The claimant’s request for de-indexing is certainly based on the “right to be forgotten” of jurisprudential origin – Google Spain(2014) case – then recognized in Article 11, paragraph 1, of the “Declaration of Rights on the Internet” and now within the EU Regulation 2016/679, but can be exercised regardless of the time criterion.
Finally, the issue of global de-indexing remains unsolved.
In fact, the above-mentioned measure will remain suspended until the decision of the Court of Justice, called to rule on the opposition submitted by Google against a decision of the French Data Protection Authority (CNIL) as a result of the referral made by the French Council of State.
It will be extremely interesting to analyse the decision of the Court of Justice in the context of the provisions of the European Regulation, Article 3 of which extends the boundaries of data protection beyond the Italian area.