Right to be Forgotten: Google loses landmark case
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)

Right to be Forgotten: Google loses landmark case

A Dutch surgeon successfully sued Google to have negative search results de-listed

The Right to be Forgotten is a bit more controversial than it might seem on its face. On the one hand, privacy advocates claim that it’s necessary for the protection and privacy of individuals. On the other, free speech advocates argue that it undermines others’ right to express themselves.

Where you fall on that spectrum is largely a matter of geography. In Europe, specifically with EU countries, the Right to be Forgotten is now codified in the GDPR. Across the Atlantic, in the US – where  corporations enjoy the same rights as individuals (in addition to their rights as a corporation) – the very idea of a Right to be Forgotten is unpalatable to those with the power to make it law.

But this isn’t a screed about the ethics and wisdom behind such a right, no today we’re going to discuss a fairly landmark ruling against Google, then we’ll delve into some of the minutiae that surrounds this case.

Let’s hash it out.

What is the Right to be Forgotten?

We’ve written about the Right to be Forgotten at length, but we’ll give it a cursory recap just in case. The Right to be Forgotten gives individuals the ability to have negative content removed or de-listed.

Now, there are a lot of restrictions on this. For instance, you have to show that the content in question is injurious and either baseless or that sufficient time has elapsed so as to render it less relevant. This is not carte blanche to get any bit of negative publicity removed from the internet. In fact, in Google’s case the search giant isn’t removing content at all, it’s simply de-listing results. We’ll get to the ramifications of that in a minute.

But it’s important to remember that the Right to be Forgotten is only supposed to apply when a party has been legitimately wronged. As has been borne out in previous court decisions, the Right to be Forgotten doesn’t apply to things like negative reviews or criminal activity – things that could be deemed useful to the public.

The first Right to be Forgotten case happened about a decade ago and centered around a Spaniard that was attempting to have coverage of a decade’s old financial problem removed. The man had been forced to sell off some property to satisfy a debt. Ample time had passed and the man had rebuilt his finances since then. The court ruled in his favor and Google was forced to de-list those results.

What happened with this case?

Our tale takes us to the land of Nether, where some years ago a Dutch surgeon had a complaint filed about a lack of “organization [sic] and aftercare” in her clinic. The Regional Disciplinary Court for Healthcare, which administers the BIG register – a list of healthcare professionals that are authorized to practice medicine in the Netherlands – suspended the surgeon from said register.

Upon appealing the decision, the Central Disciplinary Court for Healthcare threw out the original ruling and replaced it with a conditional suspension of her registration for a few months. That meant that the surgeon was allowed to continue practicing medicine (I’ve always found it a little disconcerting that you “practice” medicine).

Unfortunately, a quick Google search was all it took for news of the surgeon’s original penalty to surface as one of the top search results.

“Those search results were very, very prominent when you looked up the doctor’s name,” said Willem van Lynden, the surgeon’s attorney. “It was the first result on the first page – and that gave a totally wrong impression of the doctor’s capabilities because, yes, there had been a sanction but she had been treating patients for 40 years, and she has had one sanction in those 40 years.”

Google refused to de-list the result, so it went to the courts, which ultimately ruled in the surgeon’s favor.

To give you a bit of context, that would probably never happen in the US, as Google has won a court decision that declares its search results to be “free speech.” Remember, US corporations have the same rights as an individual.

But in Europe, that’s not the case. Though the suit occurred last July, it was only made public on Monday. In its decision a district court in Amsterdam ruled:

“[The surgeon] has an interest in not indicating that every time someone enters their full name in Google’s search engine, (almost) immediately the mention of her name appears on the ‘blacklist of doctors’, and this importance adds more weight than the public’s interest in finding this information in this way”.

How did this decision go over with the public?

Frankly, the general public probably doesn’t care all that much one way or another. But privacy advocates and free speech advocates certainly do.

Obviously, this was a win for the privacy camp. As Colm McGrath, a specialist in medical law at King’s College London, told Medscape News UK:

“Citizens may not understand that there are different gradations of infraction and there are different ways in which one can fall foul of the professional regulator, and not all are worthy of the level of stigma we might put upon it.”

Added Van Lynden:

“The people who want this information can still access it, and if that is the case why do you need these other pages detailing the sanctions? Those who are screaming high and low that this is censorship and we should have access – you still have it, and there really is no problem.”

But not according to Bryan Vernon, a senior lecturer in healthcare ethics at Newcastle University:

“A disciplinary committee’s primary aim should be ensuring patient safety. This committee believed she was safe to practice, albeit with conditions. Such information could influence a patient consenting to treatment from her. Informed consent is central to patient care. Concealing such information could undermine trust in the medical profession. Blacklisting means that she should be avoided: this is an opinion, not a fact, and not what the appeal committee had decided. It was, however, what the original committee believed. Unless new facts came to light, it is hard to see the original decision as libellous. Reporting it is hardly irrelevant or excessive. When balancing the right to free speech and a patient’s right to informed consent against doctors’ interests in suppressing unfavorable opinions about them, I find it hard to support the doctor in this case.”

It worth mentioning, again, that this content wasn’t actually deleted from the internet. It can still be accessed by visiting the BIG register online. Google just can’t list it in its search results in the Netherlands anymore.

As for the rest of the world, that’s another conversation. One of the things the European Union tried to do with its GDPR was write it in such a way that it could easily integrate with the national laws of a diverse set of nations. That’s also one of the GDPR’s biggest weaknesses. Right now, there’s nothing that says Google can’t continue showing that search result in other locations. Obviously, that’s going to end up getting challenged in court, too. But in the meantime, I wouldn’t expect Google to do anything else beyond what it’s required to.

If you need evidence of that look no further than the $57-million fine that was just imposed on it by the French DPA.

As always, leave any comments or questions below…

Hashed Out by The SSL Store is the voice of record in the SSL/TLS industry.


Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.