Turkey: The Concept of the Right to be Forgotten and the Analysis of the Results of Decision No. ECJ-131/12 Rendered by the European Court of Justice

Last Updated: 11 August 2016
Practice Guide by Deris IP Attorneys

THE CONCEPT OF THE RIGHT TO BE FORGOTTEN and THE ANALYSIS OF THE RESULTS OF DECISION NO. ECJ-131/12 RENDERED BY THE EUROPEAN COURT OF JUSTICE

The European Court of Justice (ECJ), by accepting the concept of the “Right to Be Forgotten” on May 23, 2014 by means of decision numbered ECJ C-131/12,[1] has made a tremendous impact on the Internet ecosystem. ECJ adjudged by means of the aforementioned decision that results of the searches for private names which are inadequate, irrelevant or which become excessive in relation to the purposes for which they are collected in the course of time shall be removed upon request of the related individuals.

This decision, the content of which is positioned at the intersection of personal data protection and human rights law, has been subject to many misinterpretations and criticism as it involves many constituents to be considered both technically and psychologically.

In the first part of this study, the concept of the “Right to Be Forgotten” as well as other aspects thereof will be discussed in a doctrinal context; the decision of the ECJ will be analyzed in the second part, whereas the implementations and explanations following the decision will be handled in the third part, and finally, an overall assessment will be carried out.

A. THE RIGHT TO BE FORGOTTEN, THE RIGHT TO FORGET, THE RIGHT OF OBLIVION

Even though the concept of the Right to Be Forgotten has been discussed on various platforms in the member states of the European Union as well as the United States of America, it attracted the attention of the public to the fullest in November 2010 through a communication[2] from the European Commission.

The EU Commission announced by means of a communication that the right to be forgotten was regulated directly as a digital right within the scope of the European Union Data Protection Regulation that was planned to be accepted in mid-2015. Even though Directive 95/46[3] currently in force produces the result of benefiting from the right to be forgotten for the individuals, the matter is not specifically included as a separate topic in the current legislation. However, the Draft Regulation[4] covers the right to be forgotten as an individual title under Article 17 (Right to be Forgotten and to Erasure). In this respect, these two concepts are used together, and in fact the right to be forgotten is used as a subcategory of the right to erasure.

The EU, whose data protection policies may be considered to be individual-oriented compared to those of the U.S., introduced the right to be forgotten as a digital right the origins and implications of which have already been brought before the judicial authorities many times in France, Germany, Spain and the U.S.[5] under different implications. One of these implications and the earliest legal institution which unfortunately is often confused with the right to be forgotten today is “The Right of Oblivion”.

The Right of Oblivion is defined as a right that allows a convicted criminal who has served his/her time to request the removal of the facts of this crime in order to be a part of society again.[6] The right is based on “the right of privacy” which is intended to avoid any possible damages that may be imposed on the reputation, personality, identity and recognition of the individual.[7]

The right to erasure is the main title of the right to be forgotten, and it provides the data subject with the right to request personal data processed by third parties related with him/her to be erased. Therefore, the intended purpose of this right is to establish a balance between the data subject and the data processor by providing the data subject with the right to be involved in the processing operations during data processing related to him/her.[8]

In this respect, the right of oblivion exists independently from the digital world in the sense that it is aimed at establishing the balance between the right of the public to demand information and the personal rights as well as the right of privacy, while the right to erasure is about requesting personal data to be erased in case it does not have a legitimate processing foundation in terms of the principles of the data processing law.[9] Since analog data processing methods are barely used at the present time and data processing operations are mainly carried out digitally, the right to erasure is also recognized as a digital right.

Another distinction concerning the right to be forgotten is between the right to be forgotten and the right to forget. Rouvroy makes a distinction between these two rights with respect to the perspectives of the actors involved in the action of being forgotten. Accordingly, the right to be forgotten is associated with third parties and about their obligation of forgetting, while the right to forget refers to the right of directly the individual to forget his/her past.

In this respect, it must be stressed that the decision to be analyzed below is directly associated with “the right to be forgotten” and the interpretations and assessments about the decision must be established in line with the legal institutions related to the aforementioned right to be forgotten.

B. ANALYSIS OF THE SCOPE AND THE EFFECTS OF THE DECISION ON THE RIGHT TO BE FORGOTTEN

B.1. Google Spain, Spain Data Protection Agency Case No ECJC-131/12 before the European Court of Justice

The history of the dispute in decision no ECJ C-131/12 rendered on May 23, 2014 by the European Court of Justice (ECJ) is based on an internet announcement with regard to the auction for the real estate of Mario-Costeja Gonzales, a Spanish lawyer, organized following attachment proceedings against him due to his social insurance debts.

Upon the announcement being published in 1998 in Lan Vanguardia, a Spanish newspaper, it came up constantly as a result of the searches made in his name. Gonzales filed a complaint in 2009 at the Spanish Data Protection Agency (Agencia Española de Protección de Datos – AEPD) against Lan Vanguardia, Google and Google Spain and requested the removal of the aforesaid announcement.

The Spanish Data Protection Agency, with a decision rendered in 2010, denied the request for such removal from the newspaper on the grounds that the subject news was published lawfully with the intention of meeting a legal obligation, however, it also decided for the removal of the link which brought up the aforesaid news as a result of the Google searches made in the name of the plaintiff.

In another sense, the Agency accepted that the announcement published in the newspaper was a data processing operation conducted lawfully since the announcement was published by the Ministry of Labor and Social Security. However, as is known, the lawfulness of each data processing action must be assessed individually.

In this respect, since the data processing actions of the newspaper and Google should be assessed individually, and since the ground of lawfulness that applies to the news to be published in the newspaper may not establish the grounds for Google’s indexing operation, the Agency concluded that the ground of lawfulness was not available in Google’s action.

Google and Google Spain declared that they did not agree with this decision and filed an action against the decision before the Supreme Court of Spain. The Supreme Court of Spain, during the proceeding carried out, requested an opinion on three matters from the ECJ acting as an advisory board for the local courts in the member states of the EU.

The questions extended to the ECJ by the Court were as follows:

- Can EU Directive 95/46/EC[10] titled “The protection of individuals with regard to the processing of personal data and on the free movement of such data” be applied to search engines (Google, Yahoo, etc.)?

- When it is considered that the data processing server of Google Spain is physically in the U.S., can the European Union legislation be applicable to this company?

- Does an individual have the right to block access through the search engine to personal data related to him/her even if it is published lawfully?

Briefly, the ECJ accepted the following in its decision dated May 13, 2014:

- With regard to the EU Directive 95/46/EC being applicable to search engines (Google, Yahoo, etc.); search engines are regarded as data controllers, therefore they have legal responsibility within the scope of EU Directive 95/46/EC (para 41) and such responsibility cannot be denied by depending on the search engine status,

- With regard to physical servers being located in a geography other than that of an EU member; even if the data processing server of a company is located in a country that is not a member of the European Union, in case the concerning company –even if its field of activity is related to advertisement services intended for the search engine– has a branch in an EU member state, the EU legislation may be applicable (para 60),

- With regard to the right to be forgotten; in case the data of the individual appears to be inadequate, irrelevant or no longer relevant, or have become excessive over time in relation to the purposes of the processing[11], the individual has the right to request that the links providing access to such data are erased from the list of results of the searches made in his/her name (para 94).

When rendering the decision with regard to the right to be forgotten, the court expressly underlined the necessity of assessing the right to be forgotten in each event according to the event’s particular conditions.

Again, it is emphasized in the decision that in case an individual requests that a search result is erased within the scope of the right to be forgotten, there must be a careful balance between the individual’s right of privacy and the freedom of the public to access information as well as freedom of expression.

When we analyze the decision in the widest sense in the light of the aforesaid, we conclude that the ECJ adjudged that the individuals have rights on the data created by themselves or by third parties on the Internet and that in the context of EU Directive 96/46/EC, regardless of where the physical servers are located at, upon the request of individuals, the search engines providing service to consumers in Europe must erase the data, namely the links, that appear to be inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes of the processing from the list of results of name based searches.

B.2. Search Engines will hereupon be regarded as “Data Controllers”

The decision rendered by the ECJ on May 13, 2014 contains a significant implementation change in terms of the legal status of search engines which has been a controversial point throughout the world for a while.

As is known, the legal status of search engines has been discussed in every jurisdiction, yet no clear conclusion has been reached. Moreover, the companies carrying out search engine activities have been subject to a sui generis legal protection due to the unique structure of the service they offer to their customers.

Accordingly, since the indexing operation performed by search engines such as Google, Yahoo, etc. had not been deemed as a data processing operation according to EU Directive 95/46/EC in the previous EU applications, the search engines were not considered as data controllers and they did not have any liabilities pursuant to EU Directive 95/46/EC.

Google, by acting from this point of view in its petition, claimed that it could not be considered a data controller and made statements regarding such liability. Google stated that;

- It collects, processes and indexes data indiscriminately and during such operation no controls are made in order to check whether the related links contain personal data, therefore it cannot be qualified as a data processor or a data controller

- The party required to take action in terms of erasure of the contents is not itself but the party that has directly provided the contents, because it does not intend to control the data that is subject to indexing, whereas the party obliged to take such action in the present case is the newspaper that has provided the related contents

- Even if it is accepted that Google carries out a data processing operation, it can never be considered as a data controller based on the facts that a) it does not intend to process the data, b) the data subject to indexing are not verified by Google as to whether they are personal data or not, c) the party publishing the content holds the final authority regarding the destiny of the subject data d) it will not be able to index a data if such data is erased from the database of the content provider, e) it cannot verify the legitimacy of the personal data processing operation, f) it plays a secondary role in the publication of data, g) The Article 29 Working Party, in the Opinion 1/2008[12], expressed that search engines bear the liability of intermediary service providers pursuant to the Articles 12-15 of eCommerce Directive, h) even though Google performs the data processing operation, it must be considered in the status of a Telecommunication operator that bears no liability within the context of the current Data Protection Directive.

However, despite all these claims, the ECJ emphasized through the rendered decision that Google's data operator status must be interpreted in a wider context. The ECJ, in its decision, reached the conclusion that, since Google performs the indexing operation on the data available on the Internet in a certain context of purpose and meaning, Google’s subject action was, as distinct from the previous implementation, indeed a data processing operation and in this regard, it was liable as a data controller within the scope of EU Directive 96/46.

It must be expressed at this point that even though the current case has been intensively discussed with regard to the balance between privacy and the right of the public to access information, the core matter of the case is whether Google should be considered as a data controller or not.

Considering the matter in a chain of reasoning, it is concluded that if it was not possible to qualify Google as a data controller, the discussion of balance between privacy and public interest would be beside the point, since the necessity of establishing such balance arises on the grounds that personal data is not an absolute right but a right that competes with other human rights.

In other words, by accepting Google as the data controller in the subject case, the related directive found an area of application in that personal data was deemed to exist and the right to protect personal data being a non-absolute right, competed with other human rights. Through this methodology, it can clearly be seen that the individual vs. public interest discussion is indeed a sub-discussion.

B.3. The decision will be implemented in a way limited to the erasure of the related links from the search results regarding the individual

It is explicitly expressed in the decision of the ECJ that the subject link erasure would be limited to the erasure from the search results with regard to the individual. Accordingly, the content related to the  link that is decided to be erased within the scope of the right to be forgotten will continue to be displayed in the results of other search operations and the related content will continue to be available in the source web page.

The ECJ was heavily criticized for allegedly legalizing censorship when the decision on the right to be forgotten was first rendered. The ECJ defended itself by claiming that the subject decision was not censorship in any manner, because the parties benefiting from such right were not the governments but directly the individuals, furthermore the related source would continue to exist on the Internet ecosystem and therefore it was not a matter which damaged the right of the public to access information[13].

It must be expressed at this point that it is emphasized in the Guidelines[14] published on November 26, 2014 by the Article 29 Working Party that nicknames and pseudonyms must also be included in the scope of the right to be forgotten.

B.4. Companies with Headquarters in the U.S. will also be affected by the “Right to Be Forgotten”

Another notable point of the decision is the fact that it is applicable with regard to the companies located both in and outside of the EU.

The Court adjudged that the fact that the servers with which Google performs the data processing operations physically are located in a country other than an EU member state does not release it from the liability arising from EU Directive 95/46/EC.

Accordingly, even though Google Spain does not carry out indexing operations but only runs advertising activities, since the company is a corporation established in accordance with the laws of Spain and the operations it carries out are related to indexing at some point, it is concluded that the activities of the company must comply with EU Directive 95/46/EC.

When the number of internet users throughout the EU member states is taken into account and when it is considered that almost all big search engines in the World with a few exceptions carry out their activities in this geography, the magnitude of the impact of the decision becomes remarkable.

The companies which were not subject to EU Directive 95/46/EC in their actions and operations regarding data protection in the past as they were based in a country other than the EU member states will here upon have to carry out their activities within the scope of such Directive when providing the EU citizens with their services, including giant names such as Yahoo and Bing. The effect created by the decision is revealed more clearly, when it is considered that these companies must carry out their activities in compliance with not only the provisions establishing the grounds for the right to be forgotten but also all other provisions of EU Directive 95/46/EC.

Obviously, Google will feel the utmost impact as it possesses the biggest share in the related market. Google is now faced with very serious liabilities in the EU where it was previously free from many of them, due to the resolutions reached by the judicial and administrative authorities of the EU in the past year. One example is the voting resolution[15] rendered by the European Parliament on November 27, 2014 which gives the green light to the EU competition authorities to issue warnings against Google in their investigations, albeit with no executive power.

B.5. The right to be forgotten will bring forth not global but local results

Another point which should be indicated is that only the individuals living in the EU member states (Iceland, Lichtenstein, Norway and Switzerland are also included in these countries by Google) will be able to benefit from the right to be forgotten. Turkey is not listed among these countries even though it is a candidate country for EU membership. Therefore, for the time being, it does not seem possible for Turkish citizens to benefit from the right to be forgotten.

At this point, a clarification is provided in the Guidelines published by the Article 29 Working Party on November 26, 2014 regarding the implementation of this procedure in that in the implementation of the right to be forgotten, Data Protection Authorities must focus on cases where there is a clear link between the data subject and the EU, such as citizenship or residency (para 19).

On the other hand, according to statements by Google and the comments of other authorities made in the first days after the decision was rendered, in case Google recognizes as fair a request that is received within the scope of the right to be forgotten, it will not erase this result from the entire Google database, but will apply this to the domain names active in the EU member states, namely websites google.es andgoogle.fr. Hence, although the subject link is erased from the list of results within the scope of the right to be forgotten, it can still be displayed easily as a result of a search conducted on google.com.

However, upon the Guidelines published by the Article 29 Working Party on November 26, 2014, it is presumed that this application producing local results will most likely not be applicable anymore and the action will have to be implemented on the worldwide Google database in a manner to produce the same results.

This is because the Article 29 Working Party indicated in the aforementioned Guidelines that limiting the erasure operation to EU domain names on the grounds that users tend to access search engines via their national domains cannot be considered a sufficient means for satisfactorily guaranteeing the rights of data subjects. (para 20)

Personal data of individuals enter into an unlimited circulation as a consequence of the removal of borders by means of information and communication technologies. Therefore, the effects of personal data can easily be perceived in the other countries of the world as well. In this respect, the implementation of such action to a wider extent as suggested by the Article 29 Working Party is necessary from the point of view of the individual. Particularly, when it is considered that there are no obstacles against accessing the subject domain names, namely Google.com in the EU states, the necessity of such application as well as the benefits thereof are clear.

B.6. Google cannot benefit from the exception of “Freedom of the Press”

In the decision rendered, the ECJ adjudged that the data processed within the framework of freedom of the press will be assessed within the scope of the conditions of lawfulness set out in EU Directive 95/46/EC and that in this respect, the data in this nature will not be assessed within the scope of the right to be forgotten.

However, companies carrying out search engine activities cannot benefit from such exception. The reason for this is that Google is not a media entity, a status which is known to be embraced by Google in order to abstain from the legislative regulations that apply to EU media corporations.

Therefore, even though the news published on the website of the newspaper can be considered within the scope of exception in the context of “freedom of the press,” the display by Google of such news amongst the search results is not considered to be within the scope of “freedom of the press.”

This exception, undoubtedly, attracted the attention of some institutions. For instance, the BBC, with the statement[16] made on October 17, 2014, announced that it had so far been notified of 46 links that had been removed and that it would be publishing such links on its website in the following days. Apparently, the BBC carefully studied the details of the decision and successfully read between the lines, and hence reacted against it in the most legitimate manner by publishing the related links.

At this point, even though the scope of the right to be forgotten involves only the removal of the link related to a person from the search results but not the erasure of the content from the linked source, it is expected to constitute another problem whether the website on which the BBC will publish the related links will be included in the search results or not.

C. ASSESSMENT

The decision rendered by the ECJ with regard to the right to be forgotten that constitutes the subject of this article is expected to give rise to many discussions in terms of both data protection law and human rights law. The reason for this is that the subject matter is directly related to the privacy of individuals whereas the institutions to be effected from the implementation thereof are the backbone of the internet ecosystem as well as the key actors that enable individuals to access information on the Internet.

Therefore, it must be underlined that there are issues to pay attention to during the interpretation of the ECJ’s decision, and the misinterpretation of the decision may give rise to serious violation of freedom of expression and the right of the public to access information.

Besides, it must also be noted that the decision has so far been discussed in the public only in certain aspects. Even though the decision initially points at the liability of certain institutions and organizations with respect to personal data law for the first time, the human rights aspect has been more dominantly discussed by the public. The reason for this, in my opinion, is that whether the search engines are data controllers in the context of data protection law is a matter that can only by handled by experts.

In other words, Google and other search engines place the technical side of the matter on one side and focus on the “human rights and freedom of expression” side which may attract the attention of the public at higher levels and thus criticize the legitimacy of the decision.

However, as we have expressed above, in case the legal status of Google and other search engines is not recognized as data controllers, the liability of institutions will not arise within the scope of EU Directive 95/46/EC. In such a case, the discussion on freedom of expression and privacy as the controversial aspects of this issue will be beside the point, since personal data is not an absolute right but competes with other human rights.

On the other hand, there is also a point to be discussed in the assessment of the decision from the perspective of the Turkish Law. The decision rendered by the ECJ is about the illegal processing of the subject data within the context of personal data law. In this respect, even lawfully published content, as in the subject matter, can be considered as processed unlawfully pursuant to the related articles of EU Directive 95/46/EC and can be included in the scope of the right to be forgotten on the grounds of failure to meet the conditions prescribed by the Directive. As a matter of fact, that is why only the link is erased while the content remains on the source website.

From this point of view, the discussion as to whether “Regulating Broadcasting in the Internet and Fighting Against Crimes Committed through Internet Broadcasting” numbered 5651 in the Turkish Law provides the right to be forgotten, which has been continuing since the issuance of the decision on the right to be forgotten, is groundless. This law involves regulations directly related to illegal content as a consequence of which it regulates the obstruction of access to such sources. In this context, it can be accepted at the utmost that this law is an illusion of the right to be forgotten in the Turkish law.

In conclusion, it will be accurate to state that such a decision, in the core meaning, has brought into question once again the recent differences in the policies of the U.S. and the EU regarding data protection matters. It is well known that the U.S. has a more liberal perspective in terms of data protection policy when compared to that of the EU and the data in this nature will most probably be assessed by the U.S. within the scope of “freedom of expression” whereas the EU has recently come into the fore with individual-oriented decisions and regulations proposed in a “personal rights” based approach.

The court, in parallel with this approach, proposed also in the Google Spain case that the right of “privacy” of the individuals prevails over “freedom of expression” and the “right to access information” of the public. Therefore, this gap between the two legal orders has become more visible. However, despite this gap, Google has adopted a surprisingly moderate policy instead of taking a tough line against the ECJ decision and put the right to be forgotten into effect even before the local court rendered the decision.

The best manner of putting into practice the requests received by Google within the scope of the right to be forgotten will undoubtedly be formed as a result of the experiences gained over time and of the public discussions with regard to the implementation of the matter.


[2] Communication from The Commission to The European Parliament, The Council, The Economic and Social Committee and The Committee of the Regions http://ec.europa.eu/justice/news/consulting_public/0006/com_2010_609_en.pdf

[3] The directive on the protection of individuals with regard to the processing of personal data and on the free movement of such datahttp://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML

[4] Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf

[5] Rolf H. Weber, The Right To Be Forgotten: More Than a Pandora’s Box?, 2 (2011) JIPITEC 120, para 5-11

[6] Paul BErnal, A Right to Delete, European Journal of Law and Technology (EIJLT) 2011 (2) No.2, para 2

[7] Meg Leta Ambrose / Jef Ausloos, The Right to Be Forgotten Across the Pond, Journal of Information Policy, Vol.3, 2013, pp-1-23

[8] ibid

[9] Aurelia Tamo and Damian George, Oblivion, Erasure and Forgetting in the Digital Age, 6(2014) JIPITEC 71 para 13 Antoinette Rouvroy/Yves Poullet, The Right to Informational Self-Determination and the Value of Sel-Development; Reassessing the Importance of Privacy for Democracy, in; Serge Gutwirth et Reinventing Data Protection?, Springer 2009, pp.45

[10] EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML

[11] Okan Çan, Google Bizi de unutur mu?, http://www.fikrinizinde.com/google-bizi-de-unutur-mu/ Date of Access: 22.12.2014

[12] Article 29 Working Party, Press Release dated 19.02.2008 http://ec.europa.eu/justice/policies/privacy/news/docs/pr_18_19_02_08_en.pdf

[14]  Guidelines On The Implementation Of The Court Of Justice Of The European Union Judgment On “Google Spain And Inc V. Agencia Española De Protección De Datos (Aepd) And Mario Costeja González” C-131/12,Article 29 Working Party, November 26, 2014                                             http://ec.europa.eu/justice/data-protection/article-29/documentation/opinionrecommendation/files/2014/wp225_en.pdf

[15] European Parliament Backs Investigation to Split Google Search from Its Other Businesses http://techcrunch.com/2014/11/27/google-unbundle-eu/ Date of European Parliament Backs Investigation to Split Google Search from Its Other Businesses http://techcrunch.com/2014/11/27/google-unbundle-eu/ Date of Access:22.12.2014

[16] BBC to publish 'right to be forgotten' removals list, http://www.bbc.com/news/technology-29658085, Date of Access:22.12.2014


References

- Decision of the European Court of Justice no.ECJ C-131/12

http://curia.europa.eu/juris/document/document.jsf?text=&docid=152065&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=257144

- Communication From The Commission To The European Parliament, The Council, The Economic AndSocial Committee And The Committee Of The Regions

http://ec.europa.eu/justice/news/consulting_public/0006/com_2010_609_en.pdf

- The directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML

- Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on theprotection of individuals with regard to the processing of personal data and on the free movement of suchdata (General Data Protection Regulation), http://ec.europa.eu/justice/dataprotection/document/review2012/com_2012_11_en.pdf

- Rolf H. Weber, The Right To Be Forgotten: More Than a Pandora’s Box?, 2 (2011) JIPITEC 120, para 5-11

- Paul Bernal, A Right to Delete, European Journal of Law and Technology (EIJLT) 2011 (2) No.2, para 2

- Meg Leta Ambrose / Jef Ausloos, The Right to Be Forgotten Across the Pond, Journal of InformationPolicy, Vol.3, 2013, pp-1-23

- Aurelia Tamo and Damian George, Obilivion, Erasure and Forgetting in the Digital Age, 6(2014) JIPITEC71 para 13 Antoinette Rouvroy/Yves Poullet, The Right to Informational Self-Determination and the Valueof Sel-Development; Reassessing the Importance of Privacy for Democracy, in; Serge Gutwirth etReinventing Data Protection?, Springer 2009, pp.45

- The Directive 95/46/EC of the European Union on the protection of individuals with regard to the processing of personal data and on the free movement of such data

http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML

- Article 29 Working Party, Press Release dated 19.02.2008

http://ec.europa.eu/justice/policies/privacy/news/docs/pr_18_19_02_08_en.pdf

- EU ECJ, Myth-Busting

http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_rtbf_mythbusting_en.pdf

- Guidelines On The Implementation Of The Court Of Justice Of The European Union Judgment On “Google Spain And Inc V. Agencia Española De Protección De Datos (Aepd) And Mario Costeja González” C-131/12, Article 29 Working Party, 26 November 2014

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp225_en.pdf

- European Parliament Backs Investigation To Split Google Search From Its Other Businesses

http://techcrunch.com/2014/11/27/google-unbundle-eu/ Date of Access:22.12.2014

- BBC to publish 'right to be forgotten' removals list, http://www.bbc.com/news/technology-29658085,

Date of Access:22.12.2014

- Okan Çan, Google Bizi de unutur mu?, http://www.fikrinizinde.com/google-bizi-de-unutur-mu/ Date of Access:22.12.2014

This document is not intended to create an attorney-client relationship. You should not act or rely on any information in this document without first seeking legal advice. This material is intended for general information purposes only and does not constitute legal advice. If you have any specific questions on any legal matter, you should consult a professional legal services provider.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Contact the Author?
Click here to email the Author
Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Other Turkey Advice Centres
Competition and Antitrust
Tax
Intellectual Property
More Advice Centers
Significant Recent Cases
Useful Resources
Data protection is commonly defined as the law designed to protect your personal information, which is collected, processed and stored by “automated” means or intended to be part of a filing system.
In January 2012, the European Commission proposed a comprehensive reform of data protection rules in the EU. On 4 May 2016, the official texts of the Regulation and the Directive have been published in the EU Official Journal in all the official languages.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance)
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA
The Article 29 Data Protection Working Party was set up under the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Tools
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.

Disclaimer

Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.

Registration

Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.

Cookies

A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Links

This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

Mail-A-Friend

If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.

Emails

From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

*** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .

Security

This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.