News & Resources

Publications & Media

“What direction companies must head with ‘right to be forgotten’ laws”

Safe and Sound By Heather L. Buchta

When a European Union court said in May that individuals have the right to control their data and can request that search engines remove results linking to their information, legal practitioners around the world were surprised. This “right to be forgotten” seemed to take data privacy laws to an unprecedented level that even European lawyers didn’t expect to see happen.

In the United States, the decision left many lawyers asking: What does this mean for American companies?

It’s unlikely a similar type of law would pass in the United States outside of the realm of laws that protect minors. California is one state where such a rule exists. Where Europe places almost equal weight on freedom of expression and an individual’s privacy rights, the United States tends to favor the right to free speech. However, that hasn’t meant American companies are immune to the consequences of the ruling.

According to its recent online transparency report released in mid-October, Google has been busy removing links from its search results after requests from European residents. Facebook, YouTube and Google were the sites most affected by the law—with Google removing thousands of links from its search results.

As data privacy laws continue to evolve here and around the world, companies should be keeping close tabs on what these changes mean for them. In many cases, the impact may be minimal. In this case, however, companies with operations abroad and those that collect or store data from European residents may need to ensure they’re in compliance with the new law.

The European legal landscape is extremely different and companies need to understand that people have different rights in Europe than they do in the United States. Companies must know what their affirmative obligations are with regard to an individual’s personal information, what they should be doing on the front end, and the processes they must implement to comply with the new law.

While a broad “right to be forgotten” law isn’t likely in the United States, it’s still an important development in the data privacy legal landscape and one that should remain on companies’ radars because today’s companies work in a global marketplace and reach customers and clients all around the world.