Skip to main content
Please use your usual website log-in details. If you have any issues, please e-mail

CJEU: Search engines are data controllers

Posted by malcolm on Tuesday, May 13th, 2014 at 11:55

Search engines are data controllers within the meaning of the Data Protection Directive, and responsible for complying with the data protection principles in respect of the processing they do of personal data, says Europe’s highest court, the Court of Justice of the European Union (CJEU).

In Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, the CJEU upheld the right of a user to suppress search results on his name that pointed to newspaper articles about him. CJEU found that Google, as a search engine, processed personal data, by determining which links would appear in response to a search on an individual’s name, and is the “data controller” for that processing. This applies even when the data attached to the individual’s name exclusively concerns data that has already been published, and regardless of the fact that the processing was performed without distinction to the data, other than the personal data.

By finding Google to be a data controller in its own right, the CJEU was able to apply the full scope of the Data Protection Directive to Google, and arrive at a decision that users can, in some circumstances, have a “right to be forgotten”, even in respect of data that was originally published lawfully.

Finally, in response to the question whether the directive enables the data subject to request that links to web pages be removed from such a list of results on the grounds that he wishes the information appearing on those pages relating to him personally to be ‘forgotten’ after a certain time, the Court holds that, if it is found, following a request by the data subject, that the inclusion of those links in the list is,  at this point in time, incompatible with the directive, the links and information in the list of results must be erased. The Court observes in this regard that even initially lawful processing of accurate data may, in the course of time, become incompatible with the directive where,  having regard to all the circumstances of the case,  the data appear to be inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed and in the light of the time that has elapsed.

If that is the case, the links to web pages containing that information must be removed from that list of results, unless there are particular reasons, such as the role played by the data subject in public life, justifying a preponderant interest of the public in having access to the information when such a search is made.

With over 720 members connecting from over 70 different countries worldwide, LINX members have access to direct routes from a large number of diverse international peering partners.

© London Internet Exchange, 2016 Registered office: London Internet Exchange Limited, 2nd Floor, Trinity Court, Trinity Street, Peterborough PE1 1DA United Kingdom . Registered in England, Number: 3137929
VAT Registration Number: GB 665 9580 82 Head office main telephone number Telephone: +44 (0)1733 207700 Fax: +44 (0)1733 207729

Web Design by Web Design by Bluestorm Design & Marketing

Leave Feedback


This site uses cookies to store information on your computer. Some of these cookies are essential to make our site work and have already been set. By using our site you accept the terms of our Privacy Policy.