WHAT DO WE HAVE THE RIGHT TO KNOW? THE CASE LAW OF THE EU COURT ON FUNDAMENTAL RIGHTS IN THE AGE OF THE INTERNET

Author

Dr. Niilo Jääskinen, Advocate General, Court of Justice of the European Union

1.      Introduction

In 1860 Frederick Douglass, an American abolitionist and a former slave, said that “[t]o suppress free speech is a double wrong. It violates the rights of the hearer as well as those of the speaker.”[1]

Even though it is often overlooked, the major European human rights instruments, the European Convention of Human Rights[2], in its Article 10, and the Charter of Fundamental Rights of the European Union[3], in its Article 11, guarantee not only the freedom of expression but also a fundamental right to receive information. The same goes for many national constitutions.

The freedom to receive information is often seen as included in the freedom of expression, as its corollary or mirror image. For example, in accordance of Article 11 of the Finnish constitution “Freedom of expression entails the right to express, disseminate and receive information, opinions and other communications without prior prevention by anyone.”

In most binary situations comprising only a “speaker” and a “hearer” – meaning here the origin and the addressee of a communication – this is indeed the case. The hearer’s freedom to receive information does not add any new legally relevant element to the speaker’s freedom of expression and vice versa.

This said, it is of course the desire to restrict or prevent dissemination of information that most often motivates measures restricting freedom of expression. I recall that in the famous British trial of 1960 concerning D. H. Lawrence’s novel Lady Chatterley’s lover, the chief prosecutor, Mervyn Griffith-Jones, asked the jury if it were the kind of book they would wish their wife, children, or servants to read.[4] Thus the aim of full or partial censorship might be viewed as preventing the potential hearer from being influenced by the subject matter in issue, rather than to attack the speaker.

However, the freedom to receive information comes into its own as a self-standing right once we add a third party to the picture. What happens in triangular situations when there is a third party between the speaker and the hearer? This third party acts as an intermediary enabling or facilitating the passage of communication from the speaker to the hearer, or as a gatekeeper, or both. Modern technology, and in particular the internet, inevitably creates situations of this kind. Various internet service operators stand between the speaker and the hearer. In other words, modern technology has generated some crucial issues concerning the fundamental right to receive information.

Article 11, paragraph 1, of the Charter on freedom of expression, unlike Article 10 ECHR, does not spell out in so many words any limitations, restrictions or exceptions to the various rights protected by that provision. However, as is well known, there is a general limitation provision in Article 52, paragraph 1, of the Charter and this applies to Article 11. As a consequence, the freedom to receive information can be restricted if the restriction is provided by law, respects the essence of the right, and is proportionate in relation to the legitimate aim pursued in the course of limiting it.

Further, in practice all forms of freedom of communication need to be balanced with other fundamental rights recognised by the Charter such as respect for privacy under Article 7, the right to data protection under Article 8, the freedom to conduct a business under Article 16, the right to property, including intellectual property, under Article 17, and the fundamental right to non-discrimination under Article 21. As we will see in a few moments, this balancing exercise has been crucial to the contribution made thus far by the Court of Justice to the place of the freedom to receive information in the scheme of fundamental rights protected by the Charter.

Nor, I would add, has freedom to receive information been entirely overlooked by the EU legislator. EU law features several legislative acts which pertain to the freedom to receive information. For example, the Directive 2000/31 on electronic commerce[5] includes provisions restricting the liability of internet service providers concerning the data they carry or host for third parties.[6] The Audiovisual Media Services Directive 2010/13[7] establishes for the public a right of access to information on events of high public importance.[8] The Framework Decision 2008/913/JHA on combatting certain forms and expressions of racism and xenophobia by means of criminal law[9] and Directive 2011/92 on combatting the sexual abuse and sexual exploitation of children and child pornography[10] set legal limits to information that may be received.

How then, has the Court of Justice thus far fitted the freedom to receive information into the matrix of EU fundamental rights law? The right has arisen in the context of two substantive areas of law, namely intellectual property law and data protection law. I will address the first of these before turning to the second.

2.      The freedom to receive information and EU intellectual property law

It is important to underscore that, pursuant to Article 17, paragraph 2, of the Charter, the property rights protected by the instrument also include intellectual property. The Court of Justice had the occasion to consider a request to uphold the freedom to receive information, allegedly arising from assertion of the competing right to intellectual property in Case C-479/04, Laserdisken v Kulturministeriet[11]. In fact, the freedom to receive information had been recognised by the Court in its 1980’s and 1990’s case law relating to TV broadcasting and cable TV distribution[12], but Laserdisken seems to be the first case in which it was discussed in detail.

In this reference for a preliminary ruling from a Danish court the applicant had imported and marketed in Denmark DVDs originating in countries outside the European Economic Area, and felt that it had suffered a drop in sales due to Article 4, paragraph 2, of Directive 2001/29 on the harmonisation of certain aspects of copyright and related rights[13]. For the applicant the source of the problem lay in the fact that this provision established the principle of exhaustion of copyright and related rights within the EU, but excluded its application concerning distribution of works or their copies where the first sale or other transfer of ownership had taken place outside the EU either by the rightholder or with his consent. Thus, one of the arguments the applicant raised was that the intellectual property laws in issue hampered the freedom of their customers to receive the ideas and information contained in the affected third country DVDs.

The Court found that even if the exhaustion rule complained of by the applicant were capable of restricting the freedom to receive information guaranteed in Article 10 of the ECHR, such a restriction would be justified in the light of the need to protect intellectual property rights, including copyright, which form part of the right to property.[14] In other words, the Laserdisken case is an example of the Court balancing freedom to receive information against intellectual property rights, with the latter winning out over the former.

Even so, the Court of Justice has been more positively disposed to the freedom to receive information in situations where intellectual property right-holders have requested the filtering of electronic communications or the blocking of access to certain IP addresses in order to combat illicit dissemination of protected works. In this scenario, to date the freedom to receive information has trumped the interests of the intellectual property right holders.

This question arose in 2011 in Case C-70/10, Scarlet Extended[15], and in 2012 in Case C-360/10, SABAM v Netlog[16]. In these cases SABAM, an organisation representing copyright holders in Belgium, had sought an injunction against Scarlett, an internet access service provider, and Netlog, an internet hosting service provider, because their clients were engaged in illicit peer-to-peer distribution of copyright protected works.

In both Scarlett Extended and SABAM v Netlog SABAM sought an injunction that was formulated in broad and general terms and required Scarlet and Netlog, at their own expense, to control all traffic and/or data of all of their customers.[17]

The Court took the view that the authorities may not impose on operators providing access to internet or hosting of third party data a general obligation of surveillance with respect to all data traffic or hosted data. Such an injunction was held by the Court to be incapable of adequately distinguishing between unlawful and lawful content. It would infringe, inter alia, the internet users’ access to lawful content. Hence, if the injunction were issued, there would be no correct balance between the fundamental right of freedom to receive information and the right to property.[18]

However, the Court has green lighted restrictions of this kind when they have been circumscribed more narrowly. In Case C-314/12 UCP Telekabel Wien[19] an injunction was also sought to prevent illicit peer-to-peer distribution. The Court was asked whether orders could be made to block access to certain web sites and IP addresses that allowed illicit distribution of copyright protected films.

The Court held that an internet access provider can be ordered to block access to such sources, if this can be done in such a way as to not impede internet users’ access to lawful content. Therefore, the measures adopted by the internet service provider had to be strictly targeted in the sense that they had to serve only to bring an end to a third party’s copyright or related right. Failing that, the inference in the freedom to receive information of internet users would not be justified in the light of the objective pursued.[20]

Balancing freedom to receive information and property rights has also been addressed by the EU legislator in the context of television broadcasting activities. The Audiovisual Media Service Directive is an example of such a measure. The said Directive permits exclusive licensing of broadcasting rights concerning events of high interest to the public. In practice this refers to most important sports and cultural events. However, any EU broadcaster has access on a fair, reasonable and non-discriminatory basis to such events for the purpose of short news reports. They may pick short extracts from the transmitting broadcaster’s TV signal and use them solely for general news programs. The transmitting broadcaster, having an exclusive broadcasting right of the event, may only request compensation of the direct costs incurred because of the access to the signal.[21]

The arrangement established by the Audiovisual Media Service Directive was reviewed by the Court in Case C-283/11, Sky Österreich[22], a case in which the compatibility of the Directive with various fundamental rights was considered.

First, and with regard to the right to property under Article 17 of the Charter, the Court held that exclusive rights to broadcasting are not property rights but merely contractual rights. In fact, in EU law, unlike some national legal systems, organizers of sports and cultural events don’t have an exclusive property right type of a right concerning the broadcasting of the event. Therefore Article 17 of the Charter could not be relied on by a broadcaster in order to limit access for the purpose of short news reports.[23]

Secondly, the Court also found that the scheme in the Audiovisual Media Service Directive had the aim of safeguarding the fundamental right to receive information and to promote pluralism in the media. Both of these were protected by Article 11 of the Charter. The Court noted that safeguarding the right to information is a particularly important aim in a democratic and pluralistic society, and this importance was particularly evident in the case of events of high interest to the public. The Court noted that the European Union legislature was required to strike a fair balance between the right to conduct business protected under Article 16 of the Charter and the right to receive information and media pluralism. In the case at hand the legislature was entitled to limit the freedom to conduct a business, and to give priority to public access to information over contractual freedom.[24]

Thus, the challenge brought by the applicants to the scheme set up by the Audiovisual Media Service Directive failed.

3.      Freedom to receive information and EU data protection law

A further dimension to the freedom to receive information is provided in cases concerning EU data protection law. As Advocate General Kokott observed in Case C-73/07 Satamedia, “[s]trict application of the data protection rules could substantially limit freedom of expression. Investigative journalism would to a large extent be ruled out if media could process and publish personal data only with the consent of, or in conformity with information provided by, the person concerned.”[25] In other words, EU data protection law could potentially provide a powerful weapon for those seeking the suppression of information, and the right to receive it, that falls within the meaning of ‘personal data’.

In order to understand why this could be the case, it is necessary to bear in mind the core principles of EU data protection law. First, according to Article 2 of the Data Protection Directive, that is Directive 95/46,[26] ‘personal data’ means any information relating to an identified or identifiable natural person called the ‘data subject’. Secondly, the ‘processing of personal data’ is given a very wide meaning in the Directive. It refers to, among other things, any operation which is performed upon personal data, such as collection, recording, organizing, storage, adaptation or alteration, retrieval, consultation, use, destruction, disclosure by transmission, or otherwise disseminating data. However, the scope of the Directive is narrowed in the sense that, with some exceptions, the Directive only applies to processing by automatic means. Thirdly, ‘controller’ of data processing means the natural or legal person, public authority, agency or any other body, which alone or jointly with others determines the purposes and means of the processing of personal data.

There are two fundamental rights protected by the Charter that are relevant to the processing of personal data, namely the right to respect for private and family life in Article 7 and the right to protection of personal data in Article 8. Admittedly, the relationship between these provisions is not very clear.

In the first place, due to the extremely wide scope of the notion of privacy that has been adopted by the two European courts[27], any communication of personal data to a third party constitutes, on its face, an interference with the Article 7 right of the persons concerned to respect for private life, whatever subsequent use might be made of this information.

In the second place, in my opinion infringement of the fundamental right to data protection arises in narrower circumstances. If data processing complies with the criteria set out in Article 8, paragraph 2, of the Charter, there is no interference with this fundamental right. This provision sets out the principles of fairness, specific purpose, consent by the data subject or other legitimate basis, and access to and rectification of data as benchmarks for legitimate processing of personal data.

Hence, any instance of automatic processing of personal data is bound to raise the question of justification of the interference in one or both of these fundamental rights as provided in Article 52, paragraph 1, of the Charter. Even in this context the Court has been called on to balance these two fundamental rights against the right to receive information, and consider the question of legitimate limitations.

Here it is first necessary to consider the Lindqvist case[28]. Back in 1998 Mrs Lindqvist worked as a part-time catechist in a parish in Sweden. She followed a computing course on which she had to, among other things, set up a home page on the internet. She set up internet pages at home on her personal computer in order to allow parishioners preparing for their confirmation to obtain information they might need. The pages in question also contained information about her and her colleagues in the parish, sometimes including their names, family circumstances and telephone numbers. She also stated that one colleague had injured her foot and was on half-time employment on medical grounds. At her request the administrator of the Swedish churches website set up a link between that site and her webpages. For doing all this she was prosecuted in criminal proceedings for a breach of Swedish data protection law.

The Court found that Mrs Lindqvist was a data controller under EU law, because placing information considered to be personal data on a home page on the internet involved an automated process. Moreover, she was not saved by the exemption from the scope of the Directive of data processing for exclusively personal or household purposes, because her parish activities could not be considered to fall within this category.[29]

Hence, we must conclude that putting any information about identifiable persons on the internet constituted processing of personal data, and in consequence, a potential interference with the right to privacy, the right to data protection, or both.

At the time of the passage of the Data Protection Directive, the Community legislature was not unaware of the fact that data protection may cause problems with regard to freedom of expression and freedom to receive information. As a consequence, it was stated in the preamble of the Data Protection Directive that data protection principles were to be applied in a restrictive manner when personal data is processed for purposes for journalism or the purposes of literary or artistic expression.[30] This is reflected in Article 9 of the Data Protection Directive allowing the Member States a competence to establish exemptions or derogations for these purposes.

The Court interpreted Article 9 of the Data Protection Directive in Case C-73/07 Satamedia[31]. The case concerned a Finnish company which republished official information concerning taxation of persons with revenue over a certain threshold. Publication took the forms of a printed newspaper and an on-demand text message service. In Finland tax information is public and accessible both to media and private parties.

The Court established two important principles in this case. Firstly, it found that republication of personal data that has already been published or which had otherwise entered the public domain remained, nevertheless, processing of personal data and thus subject to the provisions of the Data Protection Directive.[32]

Secondly, journalism was given a wide definition. It comprised any activity with the sole object of disclosure to the public of information, opinions or ideas. The notion of journalism applied not only to media undertakings but to any person engaged in journalism. Nor was journalism held to be limited to printed media or broadcasting, but included dissemination of opinions and ideas by electronic means of communication such as the internet.[33]

The breadth of the findings in Lindqvist and Satamedia are crucial to understanding the reasoning of the Court in Google Spain and Google[34], a case which has attracted a lot of attention but cannot, however, be understood in a vacuum; instead, it needs to be considered in the light of the other cases I have discussed. I recall that in Lindqvist it was held that putting personal data on a web page is data processing, and in Satamedia that republication on the internet of personal data having already entered the public domain remains in the scope of the Data Protection Directive.

First, a brief summary of the pertinent facts: A Spanish national, who did not wish to be remembered, wanted Google to remove links from its search engine which led, when his name was typed as the search term, to advertisements in a newspaper for an auction of his property due to social security debts. The auction took place in 1998 and the newspaper was later on put on the internet in electronic form.

Google Spain and Google brought proceedings in the Spanish courts challenging a decision of the Spanish data protection authority which had ordered Google to remove the link in question. In those proceedings a reference for a preliminary ruling was made to the Court of Justice.

As it is now commonly known, the Court held firstly that search engine operators process personal data in the sense of the Data Protection Directive when they provide links triggered by a person’s name to web pages containing his or her personal data. Moreover, the Court held that search engine operators are to be considered as data controllers in the sense of the Data Protection Directive. In particular, they are data controllers in respect of personal data appearing on the web pages that their search engines process for the purpose of its index.[35]

From this it follows that any right for the data subject to require removal or erasure of his or her personal data in accordance with the Directive becomes applicable in relation to the links in the search engine even if the objected information remains accessible on the web page where it was published. The search engine operator is obliged to remove from the search results initiated by using the data subject’s name as search term, any links to pages where information appears relating to the data subject, if this information is or has become inadequate, irrelevant or excessive. This also applies to information that is truthful, accurate, legal and not prejudicial to the data subject.[36]

According to the Court the data subject’s rights generally override the internet users’ right to information. However, in particular cases this latter right may have priority for special reasons such as the role played by the data subject in public life.[37]

Such a right, often called as a right to be forgotten, can be exercised by requesting the search engine operator to remove the links. If the search engine operator does not grant the request, the matter may be brought before a data protection supervisory authority or judicial authority. However, the Court did not establish an absolute right to the removal of the links, but each case will need to be considered on its own merits in light of the above-mentioned criteria.[38]

Google has implemented the judgment by creating a procedure where the data subject can require removal of links by filling a special form available on Google’s web site. Removal requests are processed by Google staff in accordance with internal guidelines established by a new Advisory Council, which mostly includes members from outside of Google.

How widely has this procedure been used? According to Google’s recent Transparency report of 2 June 2015[39] it has so far evaluated about 958 000 URL addresses, i.e. web pages, on the basis of about 264 000 requests to remove the link connecting a person’s name to a certain web page. In 58.7 % of cases the link has not been removed and in 41.3 % of the cases the request was successful. In Bulgaria Google had received circa 1 000 removal requests relating to circa 3 900 web pages, of which 23.9 % were successful. It will be interesting to see, how many of the removal requests not accepted by Google will be brought before the data protection authorities, and possibly lead to litigation before Member State courts.

According to Google’s Transparency report removal requests most often relate to social media or web sites specialised in publishing profiles of persons. Anyhow, Google has also removed links to articles published by such well-known media houses as BBC, The Guardian or Daily Mail. However, in some cases it has restored the link after objection by the media operator concerned.

Interestingly, in the Google judgment the Court made no reference to Article 11 of the Charter and freedom of expression, even if it did mention Internet users’ right to information[40]. Furthermore, on the basis of an extrajudicial statement made by a member of the Court who participated in the case, it may be the case that Google was not apprehended by the bench that decided it as touching upon the freedom of expression.[41] This said, it is expressly Article 11 rights that have raised concerns in the wider debate in all Member States and internationally.

In its Guidelines[42] issued in November 2014, the Article 29 Data Protection Working Party established under Directive 95/46/EC and consisting of national data protection authorities of the Member States (hereinafter the “WP 29”) introduced its intended implementation measures for the Google judgment. The WP 29 acknowledged search engine users’ interest of receiving information and the need of taking freedom to receive information as guaranteed by Article 11 of the Charter into account in the handling of data subjects’ requests for removal of search results. Yet, according to the WP 29 the impact on the freedom of expression posed by the right to be forgotten “will generally be very limited”. This assessment was supported by the circumstance that whilst a search engine operator might be required to remove search results, the information as contained in the source website will remain available and accessible through the search engine by applying search terms other than the name of the data subject.[43]

The WP 29 has additionally recommended that the practice of search engine operators of informing users of retentions of search results due to a request by a data subject should be conducted in a manner which does not allow the users to deduce that a specific data subject has requested de-listing of results, as such practice would strongly undermine the purpose of the Google ruling.[44]

The view of the WP 29 as regards removal requests turned down by search engine operators and brought before national data protection authorities is that such complaints are to be handled in the frame of routine assessment under Article 28, paragraph 4, of the Data Protection Directive. The Guidelines published by the WP 29 further introduced a non-exhaustive list of common criteria for national data protection authorities for the handling of complaints arising from the right to be forgotten. The criteria, including considerations pertaining to the data subject’s position as well as the nature of the information concerned, are to be applied “in particular in the light of the [sic] ‘the interest of the general public in having access to [the] information’”.[45]

4.      Concluding remarks: is a hierarchy of Charter rights emerging?

In conclusion, the Court of Justice case law on freedom to receive information is yet to touch upon the classical problems relating to freedom of expression, such as determining whether freedom of political speech, commercial speech and artistic expression all enjoy a different, or the same, level of protection. In contrast with this, there seems to be emerging a hierarchy between various Charter rights, with some being offered protection with preference over others.

Hence, privacy and data protection seem to override freedom to receive information unless a public interest criterion dictates otherwise. This may be explained by the fact that the case law of the European Court of Human Rights has emphasized the positive obligations of the States to guarantee privacy rights and the right to data protection, thus bringing in a horizontal dimension to both of these rights, and rendering them applicable between private parties. At the other end of the spectrum, although the right to receive information does not override the right to property to any content protected by an intellectual property right, nevertheless, freedom to receive information, in some circumstances, places limits on the enforcement of intellectual property rights. Here the Court has prioritized the public’s access to lawful content.

It might be concluded that EU data protection law is proceeding down a path in which freedom to receive information is afforded less protection in the context of the internet than in the context of traditional media, especially with respect to material other than freshly published content. I recall that in the Times Newspapers Ltd. judgment of 2009 the European Court of Human Rights noted “the substantial contribution made by Internet archives to preserving and making available news and information”.[46] Hence, in this respect there may be a divergence of appreciation between the Luxembourg court and the Strasbourg court on the value of the internet as a source of information that we are all entitled to receive.

***

Линк към резюмето на български език: КАКВО ИМАМЕ ПРАВО ДА ЗНАЕМ? ПРАКТИКАТА НА СЪДА НА ЕС В ОБЛАСТТА НА ОСНОВНИТЕ ПРАВА В ЕРАТА НА ИНТЕРНЕТ

***

[1] ”A Plea for Freedom of Speech in Boston”, December 9, 1860, Douglass Papers, ser. I, 2:423.

[2] European Convention for the Protection of Human Rights and Fundamental Freedoms, as amended by Protocols Nos. 11 and 14, of 4 November 1950, hereinafter “the ECHR”.

[3] OJ 2012 C 326, p. 391–407, hereinafter “the Charter”.

[4] R v Penguin Books Ltd [1961] Crim LR 176.

[5] Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market, OJ 2000 L 178, p. 1–16.

[6] See Articles 12 to 14 of Directive 2000/31.

[7] Directive 2010/13/EU of the European Parliament and of the Council of 10 March 2010 on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the provision of audiovisual media services, OJ 2010 L 95, p. 1–24.

[8] See Article 14 of Directive 2010/13.

[9] Council Framework Decision 2008/913/JHA of 28 November 2008 on combating certain forms and expressions of racism and xenophobia by means of criminal law, OJ 2008 L 328, p. 55–58.

[10] Directive 2011/92/EU of the European Parliament and of the Council of 13 December 2011 on combating the sexual abuse and sexual exploitation of children and child pornography, and replacing Council Framework Decision 2004/68/JHA, OJ 2011 L 335, p. 1–14.

[11] Laserdisken ApS v Kulturministeriet (C-479/04, ECLI:EU:C:2006:549).

[12] See Judgments in Bond van Adverteerders (C-352/85, ECLI:EU:C:1988:196) as well as Opinion of Advocate General Lenz in ERT (C-260/89, ECLI:EU:C:1991:26).

[13] Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, OJ 2001 L 167, p. 10–19.

[14] Judgment in Laserdisken, paras 64–65.

[15] Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM) (C-70/10, ECLI:EU:C:2011:771).

[16] Belgische Vereniging van Auteurs, Componisten en Uitgevers CVBA (SABAM) v Netlog NV (C-360/10, ECLI:EU:C:2012:85).

[17] Judgments in Scarlett Extended, para 29, and in SABAM v Netlog, para 26.

[18] Judgments in Scarlett Extended, paras 49–53, and in SABAM v Netlog, paras 47–51.

[19] UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft mbH (C-314/12, ECLI:EU:C:2014:192).

[20] Judgment in UPC Telekabel Wien, paras 55–56.

[21] See Article 15 of Directive 2010/13.

[22] Sky Österreich GmbH v Österreichischer Rundfunk (C-283/11, ECLI:EU:C:2013:28).

[23] Judgment in Sky Österreich, paras 34–40.

[24] Ibid. paras 51, 52, 59 and 66.

[25] Opinion of Advocate General Kokott in Tietosuojavaltuutettu v Satakunnan Markkinapörssi Oy and Satamedia Oy (C-73/07, ECLI:EU:C:2008:266), para 43.

[26] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ 1995 L 281, p. 31–50.

[27] See Judgment in Volker und Markus Schecke GbR and Hartmut Eifert (Joined Cases C-92/09 and C-93/09, ECLI:EU:C:2010:662), paras 47, 52 and 59.

[28] Criminal proceedings against Bodil Lindqvist (C-101/01, ECLI:EU:C:2003:596).

[29] Judgment in Lindqvist, paras 25, 26, 46 and 47

[30] See the 17th recital of Directive 95/46.

[31] Tietosuojavaltuutettu v Satakunnan Markkinapörssi Oy and Satamedia Oy (C-73/07, ECLI:EU:C:2008:727).

[32] Judgment in Satamedia, paras 35–37

[33] Ibid. paras 56–61.

[34] Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González (C-131/12, ECLI:EU:C:2014:317).

[35] Judgment in Google Spain and Google, paras 28 and 33.

[36] Ibid. paras 82, 94 and 96.

[37] Ibid. para 97.

[38] Ibid. paras 82 and 98.

[39] Google Transparency Report, European privacy requests for search removals, updated 2 June 2015, available at: https://www.google.com/transparencyreport/removals/europeprivacy/?hl=en (last accessed 3 June 2015).

[40] See Judgment in Google Spain and Google, paras 81 and 99.

[41] See “Das Recht auf Privatheit überwiegt”, Tageszeitung 20 September 2014, available at https://www.taz.de/EuGH-Richter-ueber-Google-Urteil/!5032929/ (last accessed 3 June 2015).

[42] Article 29 Data Protection Working Party, Guidelines on the implementation of the Court of Justice of the European Union judgment on “Google Spain and inc v. Agencia española de protección de datos (AEPD) and Mario Costeja González” C-131/12, 14/EN, adopted on 26 November 2014.

[43] Ibid. p. 6.

[44] Ibid. p. 9–10.

[45] Ibid. p. 12–20.

[46] Times Newspapers Ltd v the United Kingdom (Nos. 1 and 2), ECHR (2009), para 45.