LLMpediaThe first transparent, open encyclopedia generated by LLMs

Google v. CNIL

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Data Protection Commission (Ireland) Hop 5
Expansion Funnel Raw 51 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted51
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Google v. CNIL
Case nameGoogle v. CNIL
CourtCourt of Justice of the European Union
Decided13 May 2019
CitationsC‑507/17
KeywordsRight to be forgotten, data protection, territorial scope, search engines

Google v. CNIL

Google v. CNIL was a landmark decision of the Court of Justice of the European Union delivered on 13 May 2019 concerning the territorial scope of the right to be forgotten under the General Data Protection Regulation and the Data Protection Directive 95/46/EC. The ruling addressed tensions between transnational search engine operations, national data protection authorities, and cross-border Internet regulation involving major technology firms, national regulators, and multilateral legal frameworks.

Background

The dispute arose after the Commission nationale de l'informatique et des libertés issued orders to Google LLC about the delisting of search results following the earlier judgment in Google Spain SL v AEPD and Mario Costeja González. The CNIL demanded that delisting apply not only to google.fr and other EU country domains but also to google.com accessed from within the France territory, invoking national enforcement powers under Directive 95/46/EC and later references to Regulation (EU) 2016/679. The case involved interactions among European Commission policy, member state authorities such as the Cour de cassation (France), and private parties that included multinational corporations, European citizens, and advocacy organizations like Privacy International and La Quadrature du Net.

Key legal issues included whether an EU supervisory authority may require a global delisting of search results on domains accessible outside the European Union, and whether the territorial scope of data protection obligations extends to processing carried out by entities established under the law of non-EU states. The case raised questions about the interaction between the Charter of Fundamental Rights of the European Union and extraterritorial application of EU law, the limits of national remedial powers under the Court of Justice of the European Union jurisprudence, and conflicts with foreign law regimes such as those of the United States, United Kingdom, and other third countries. The issues implicated legal instruments and actors including the European Court of Human Rights, the Council of Europe, the Organisation for Economic Co-operation and Development, and multinational corporate compliance structures like those in Alphabet Inc..

Court Proceedings

The matter was referred to the Court of Justice of the European Union by the Cour de cassation (France), which sought a preliminary ruling on the interpretation of EU law following enforcement by the Commission nationale de l'informatique et des libertés. The proceedings saw interventions from parties including Google LLC, the CNIL, national data protection authorities from other member states such as Bundesbeauftragte für den Datenschutz und die Informationsfreiheit and Information Commissioner's Office (United Kingdom), as well as submissions from interest groups like European Digital Rights and academic commentators from institutions including Oxford University, Harvard University, and Sciences Po. Advocates referenced precedent from cases like Google Spain SL v AEPD and Mario Costeja González and doctrinal sources such as opinions of advocates general and prior judgments of the Court of Justice of the European Union.

Judgment and Reasoning

The Court held that an EU supervisory authority cannot require a global de-referencing obligation that would apply worldwide; instead, deletion obligations are limited in territorial scope to EU member state domains and to results accessible to users in the European Union via generic top-level domains when accessed from within the Union. The judgment balanced the rights enshrined in the Charter of Fundamental Rights of the European Union—notably privacy and freedom of expression—against principles of international comity involving the legal orders of United States, Canada, and other third countries. The Court grounded its reasoning in previous case law from the Court of Justice of the European Union and principles reflected in instruments like the General Data Protection Regulation and the Data Protection Directive 95/46/EC, while emphasizing limits on extraterritorial enforcement to avoid conflicts with decisions of courts such as the Supreme Court of the United States and obligations under treaties like the European Convention on Human Rights.

Impact and Significance

The ruling clarified the territorial limits of EU data protection enforcement, influencing compliance strategies of multinational tech companies including Google LLC, Facebook, Inc., Twitter, Inc., and Microsoft Corporation. It affected actions by national authorities such as the Commission nationale de l'informatique et des libertés and informed policy debates in institutions like the European Parliament and the European Commission. The decision shaped litigation strategies in domestic courts including the Cour de cassation (France) and influenced regulatory approaches by agencies like the Information Commissioner's Office (United Kingdom) and national regulators in Germany, Spain, and Italy. The judgment also fed into discussions in international bodies such as the Organisation for Economic Co-operation and Development and the United Nations Human Rights Council about cross-border data flows and digital rights.

Reactions and Commentary

Reactions ranged from praise by privacy advocates including Privacy International and European Digital Rights for preserving strong remedial powers within the EU, to concern from corporate legal teams at Alphabet Inc. and commentators at The Wall Street Journal and Financial Times about operational and legal complexity. Legal scholars at University of Cambridge, Yale University, and London School of Economics produced commentary analyzing implications for conflicts of law, extraterritorial jurisdiction, and platform governance. Legislators in the European Parliament and executives in the European Commission cited the ruling in subsequent proposals and communications addressing digital sovereignty, while regulators in third countries monitored the decision for potential reciprocal measures.

Category:European Union case law Category:Data protection law