Cyber Security – CERTs, Policy, etc

Explained: Right to be forgotten


From UPSC perspective, the following things are important :

Prelims level : Right to be forgotten

Mains level : Read the attached story

  • The European Court of Justice (ECJ) ruled in favour of the search engine giant Google, which was contesting a French regulatory authority’s order to have web addresses removed from its global database.
  • The court ruled that an online privacy rule known as the ‘right to be forgotten’ under European law would not apply beyond the borders of EU member states.
  • The ruling comes as an important victory for Google, and lays down that the online privacy law cannot be used to regulate the internet in countries such as India, which are outside the EU.

The ‘Right to be forgotten’

  • The right to be forgotten empowers individuals to ask organisations to delete their personal data.
  • It is provided by the EU’s General Data Protection Regulation (GDPR), a law passed in 2018.
  • It states: “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay”
  • Under Article 2 of the GDPR, “personal data” means “any information relating to an identified or identifiable natural person (“data subject”)”.
  • “Controller” means “the natural or legal person, public authority, agency or any other body which… determines the purposes and means of the processing of personal data”.


  • In 2015, the internet regulating agency in France, required that Google go beyond its practice of region-specific delinking, and ordered the search engine company to delete links from its global database.
  • Google refused to abide by the order, arguing that following the same would impede the free flow of information across the world.
  • This led to the slapping a fine of EUR 100,000 (around INR 77 lakh) on Google in 2016 so it challenged the order at the ECJ.

Conclusion: No privacy law beyond EU

  • Google contended that implementing the online privacy law beyond the EU would hamper access to information in countries around the world, especially those ruled by authoritarian governments.
  • Arriving at a landmark ruling, the ECJ has now restricted applying the privacy law beyond the EU.
  • It has also observed that the EU cannot enforce the ‘right to be forgotten’ on countries which do not recognise such a right.
Notify of
Inline Feedbacks
View all comments