Right to be forgotten applies to all Google domains, rules French privacy authority

Right to be forgotten applies to all Google domains, rules French privacy authority

Search results should also be delisted on the .com domain, the French authority said

Google must respect the European Union's 'right to be forgotten' court ruling on all its sites, not just those it says target EU countries, the French data protection authority has ruled, giving the company 15 days to comply.

The French National Commission on Computing and Liberty (CNIL) ordered Google to remove the affected search results on all its domains, including, or face a fine of up to €300,000 (about $337,000). So far, Google has only removed such results from those of its sites it says target EU users, including or French residents need only click the "Use" link on the homepage to have access to unfiltered search results.

The dispute began over a year ago, when the Court of Justice of the EU (CJEU) gave people the right to request removal of search results for queries including their names, if the results are inadequate or irrelevant.

This means that E.U. residents who want to remove a search result displayed on a search of their name can ask a search engine to delist it. The search engine must review the request and grant it if the proper conditions are met. If the search engine does not comply, they can lodge a complaint with their local data protection authority.

In France that authority is the CNIL, which has received hundreds of complaints from people who were denied a delisting by Google, the authority said Friday. After assessing the complaints, Google was ordered to delist several search results and was expressly told to do so on all its domains, not just on European domains such as or, the CNIL said.

So far, Google has received over 55,000 requests from France to remove over 168,000 URLs, of which it removed almost 48 percent.

"In accordance with the CJEU judgement, the CNIL considers that in order to be effective, delisting must be carried out on all extensions of the search engine and that the service provided by Google search constitutes a single processing," the CNIL said, adding that the results should for instance also be delisted on the .com domain.

Search results should be delisted for French citizens using Google wherever they are and whatever the extension is, a CNIL spokeswoman said.

Google has been delisting search results only on its European domains and not on, arguing that the ruling should apply to European searches and not worldwide.

"The ruling focused on services directed to European users, and that's the approach we are taking in complying with it," the company said, adding that it aims to strike the right balance in implementing the ruling and has been working closely with data protection authorities. The company has said that over 95 percent of queries originating in Europe are on local versions of its search engine.

Google can determine if a query on the .com domain comes from a European IP address, and already uses this technique to redirects users to local search engines -- although it offers users that are not logged in to a Google account a link on the local page to return to the domain.

Google did not immediately respond to questions about why it doesn't delist search results if the .com domain is accessed from a European IP-address.

Meanwhile, Google appears to block search results made on European search domains made from abroad. From Japan for instance, searches made on .fr and .de domains showed a message that some results may have been removed under data protection law in Europe.

If Google does not comply with CNIL's order, the authority will draft a report recommending the CNIL's committee in charge of imposing sanctions for violations of the French data protection law to impose a sanction. The highest possible sanction for the first step ins such a procedure is €150,000, which later can climb to €300,000, the CNIL spokeswoman said.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the CIO newsletter!

Error: Please check your email address.

Tags Googlesecuritylegaldata protectionprivacy

More about EUGoogleIDGNewsTwitter

Show Comments