Regulating the Internet. Prescriptive and Jurisdictional Boundaries to the EU's 'Right to Be Forgotten'

Abstract

Discussion of a European Union (‘EU’) imposed so-called ‘right to be forgotten’ or RTBF follows judgment of the European Court of Justice (‘CJEU’) in Google Spain. RTBF is clearly not quite what the CJEU had in mind or held in the judgment. However the term has captured public imagination. I too therefore in this article will employ the term as shorthand for the Court’s ruling in Google Spain.The case has led to suggestions of ‘exterritorial reach’ of Google Spain or the ‘global reach’ of the RTBF, coupled with accusations that the EU oversteps its ‘jurisdictional boundaries’. This follows especially the order or at least intention, by the French and other data protection agencies, that Google extend its compliance policy to the .com webdomain. This contribution focuses on the jurisdictional implications of the judgment. I do not review the merits of the case on data protection, human rights (particularly: freedom of expression and freedom to receive information), or other grounds. Jurisdiction being at the core of the discussion, I recall in Part I core notions of jurisdiction in traditional international law. Much of current analysis of Google Spain in my view suffers from conceptual confusion. Rules and principles of private and public international law are thrown into one spaghetti bowl of ideas which leads to opaque advice. At a first level of analysis, it is important therefore clearly to separate private from public international law in the discussion of internet regulation. This, it is hoped, will enable us to see the implications of the ruling more clearly, even if it requires summary review of the overall international regime on jurisdiction.Google Spain concerns litigation in civil and commercial matters. In essence it pitches one private individual, a natural person, against another, a corporation. The implication of a regulator (the Spanish data protection authority), does not materially affect the nature of the relationship at stake. The litigation and the consequential compliance by Google lie squarely in the area of private international law. That is arguably different for the follow-up extension, as noted above, of Google’s RTBF compliance policy, to websites with suffixes ex-EU, in particular, the .com extension.Once core issues of jurisdiction clarified at both public and private international law levels in respectively parts I and II of this contribution, I will draw conclusions from both areas, for the specific issue of the territorial reach of the RTBF in part III. The aim of current paper is not to present a done and dusted jurisdictional model for the regulation of the internet and, in wider sense, of the E-Economy. Rather, I hope to encourage relevant debate on the issues under consideration. There is more to the extension of the RTBF rule than scholarship has so far suggested.