Update on the European Union and Other Countries Regarding the “Right to Be Forgotten”

With thanks to Jan Meisels Allen.

EU Logo

The EU Observer has written an interesting update on the European Union’s (EU) proposed data privacy legislation-which was first introduced in 2012. This is the legislation that espouses the “right to be forgotten” now called the “right to be erased”  a concept causing genealogists concern as to what records may be available after the legislation is enacted. You may recall the EU Parliament passed its version in March of last year—and then the May 2014 elections occurred before the EU Council voted. Both the EU legislative chambers must vote on the same piece of legislation before it can be enacted. (See below for a brief description of the EU legislative structure.) The legislation has a number of “chapters” and some are more contentious than others.  Thus far, agreements have been reached on rules for public authorities; data transfer rules to countries outside the EU, rules on processors, controllers, and data protection officers, as well as rules on archiving and statistics for history and research purposes.  Also agreed upon was designating the lead data protection authority, charged to resolve disputes, as the one based in the country of the company’s main establishment.

In addition to the “right to be forgotten/right to be erased” the following issues still need to be agreed upon: data subject rights, sanctions, definitions, final provisions, and the complex legal interpretations of implemented and delegated acts (secondary legislation). The causes of the delay are due to cultural differences between the 28 member EU states and the complexity of the regulation. For example, Scandinavian countries are in favor of the right to public information prevailing over privacy claims whereas Germany, the Netherlands, or Austria would be more likely to favor privacy over the right to public information.

There are differences between what the EU Parliament wants and what individual members states want. One such issue is the EU Parliament consent to process personal data to be explicit with member states wanting a more ambiguous option. Another issue with differences is member states want a risk-based approach to data protection, which would see risk quantified through things like impact assessments.

How IT companies handle the data is also a debate between the Parliament and individual member states. Parliament says IT systems should design their services “in a data-minimizing way and with the most data protection-friendly pre-settings”.  Member states, however, say it should be optional that data protection officers make sure a company properly complies with the reformed rules. Parliament wants a mandatory appointment of such officers that should depend on the amount and relevance of data processed by the company.

Another difference between Parliament and member states is over rule-breaking and any sanctions.  Member states want sanctions to be up to two percent of global annual turnover but the EU Parliament is suggesting as much as five percent.  The difference is a significant financial burden.

Again, the fundamental issue is privacy rights vs the right to know.

The plan is to have member states adopt their plans by June 15 enabling negotiations with the EU Parliament to begin.

To read the article see: https://euobserver.com/justice/128812

There have been member state courts that have weighed in with decisions on the “right to be forgotten”, the extraterritoriality of the EU decisions on data aggregators such as Google and social media firms such as Facebook.  These have been reported upon previously. However, here are some updates you may find of interest:

The European Union, as part of its privacy issues are focusing on social media companies such as Facebook, and now Twitter.

In the New York Times on May 26, there are several articles of interest on these two topics:

Who’s the Watchdog? In Europe, the Answer is Complicated focuses on Facebook and the fight with the privacy watchdogs and individual’s online data. As many genealogists use Facebook in their genealogy research and to communicate with other family historians around the globe, this article may be of interest.  To read the article go to: http://bits.blogs.nytimes.com/2015/05/25/whos-the-watchdog-in-europe-the-answer-is-complicated/

To read more about Facebook and the EU see: http://tinyurl.com/lv9t4ww

Original url:


As Facebook Sweeps Across Europe, Regulators Gird for Battle discusses the EU’s position regarding Facebook and other companies and whether they unfairly favor their own services over those of rivals.  The EU Court of Justice is expected to rule in late June whether Facebook can continue transferring user data between Europe and the United States.  See: http://tinyurl.com/l9qhvou

Original url:



On May 18 Irish Data Commissioner took charge of policing Twitter privacy of the 300 million people who use twitter outside the U.S. The move means all of the social network’s users outside of the US will come under the European Union’s Data Protection Directive.  To read the article see: http://www.rte.ie/news/2015/0518/701888-twitter-data/

The EU’s Data Protection Directive is of concern to genealogists and the EU has been debating the “right to be forgotten/right to be erased” for several years and still negotiating with the 28 member states as to the final version of the new regulation.

Germany and Mexico and More: The Right to Be Forgotten Concept is Spreading

There have been two recent cases where the “right to be forgotten” has unfortunately “won” and records are being refused and links being removed from Google.  As mentioned previously many countries, not only the 28 EU member countries, have Data Protection Officers and they are making decisions in favor of closing access, as part of the “right to be forgotten”.


The Data Protection Official of the State of North Rhine-Westphalia stopped the City of Minden who had put on line their city’s archives with family information, photographs and more.  The rationale may be found at:   https://www.ldi.nrw.de/mainmenu_Service/submenu_Berichte/Inhalt/22_DIB/DIB_22.pdfpage 88, it is in German. Fritz Neubauer who shared the information with me translated a summary of the rationale as “Given the background of anti0Semietic feelings including criminal acts a use against the original purpose cannot be excluded”.

Part of the discussion was about using the names of the deceased as it is possible to infer something and possibly find living relatives.  Apparently, the protest was initiated by living relatives who claim they were without  rights nor protection during Nazi times and now if they say their names online world-wide this would be another way for them to be “on show” with modern technology.  The German Federal Archives does not currently have to follow what the state of North Rhine-Westphalia requires and so far the Munich Memorial Book is still online. (North Rhine-Westphalia is the most populous state of Germany, as well as the fourth largest by area).



Google has already been the focus of the “right to be forgotten” in a European Union Court of Justice decision requiring the search engine to remove links to stories if the person about whom story links is about finds it unfavorable to them even if it is true. Thus far, Google has received over 760,000 requests—not all have been approved for removal.

Now, Mexico’s Federal Institute for Access to Information (IFAL) ruled against Google Mexico.  In January, IFAL came down on the side of a transportation scion who wanted three links removed that were negative to his family’s business dealings which included a government bailout of bad loans.  While Mexico, like the European Union, have exceptions to the Internet privacy rules if the information is in the public interest, IFAL did not apply that to this case. Just as the EU Court did not apply it to the Spanish lawyer’s case that required Google to remove the links that were true—but negative to the plaintiff who had the links about past financial difficulties.  The IFAL ruling that came down in January has sparked more claims.  Google Mexico said the decision infringes on the right to access information and freedom of speech. At this point the decision only affects links that are on the Mexican Google site: google.com.mex.

As previously reported, a French Court stated that the EU decision is relevant outside of the EU if the website covers EU residents—such as Google.com in the US or other non-EU countries.  This court decision relates to removing a link to a story in a 2007 article in the magazine Fortuna which referred to a lawsuit by a shareholder against a businessman’s late father who owned a long-haul bus lines business for generations.  The IFAI found for removing the information when its “persistence causes injury” even if the information was lawfully published. Another case related to the former governor of Coahuila with a before and after photo when the “before” photo was before he lost weight.  A new business has been “created” which specializes in fighting to remove Internet links with their website saying,” We erase your past”.

To read the story go to: http://www.wsj.com/articles/google-wages-free-speech-fight-in-mexico-1432723483.  Note if you type into Google’s search box the title of the story, Google Wages Free-Speech Fight in Mexico, you can read the entire story whereas if you click on the link you only get part of the story with a prompt to subscribe to the Wall Street Journal.

The Right to be Forgotten Continues To Spread Across the Globe

Other Latin American countries have passed or are considering digital-privacy laws in Brazil, Chile and Argentina. Argentina’s top court rejected a case against Google and Yahoo for damages after a model’s name was associated with sexual content, but allowed elimination of links in some instances. Hong Kong’s top privacy regulator suggested that Google should apply the EU ruling globally.  A Tokyo court ordered Google to omit some posts from search results that a local man said could injure his reputation and violate his privacy. South Korea’s telecommunications regulator established a task force to look into legislation making it easier to get information removed from the Internet.

The right to privacy vs the right to know appears to be spreading and this affects all of us. We are now seeing with the German and Mexican examples above that the concept of the “right to be forgotten” is dealing with those who are deceased not just the living. If these “right to be forgotten” decisions continue to apply to the dead, then we have a major problem with our accessing records of deceased ancestors.

Brief EU Legislative Structure Description

The European Union Parliament is the parliamentary institution of the EU which is directly elected every five years.  It is composed of 751 members (750 plus the President who is elected by the Parliament). The Members of Parliament (MEPs) are grouped not by country affiliation but by political party. The number of MEPs per member country is proportionate to their population. Together with the Council of the European Union and the European Commission, it exercises the legislative function of the EU and it has legislative power that the Council and Commission do not possess The Parliament does not possess the authority to initiate legislation. (http://europa.eu/about-eu/institutions-bodies/european-parliament/index_en.htm)

The Council of the European Union (the Council) is part of the EU legislature, representing the executives of 28 EU member states. The Council is comprised of the 28 National Ministers—one for each member of the European Union. (http://europa.eu/about-eu/institutions-bodies/european-council/index_en.htm ) As both organizations share equal legislative responsibilities for the legislation to become law, both organizations must agree to an identical proposal to become law.

The European Commission is the EU’s executive body. It represents the interests of the European Union as a whole (not the interests of individual countries).  The Commission’s main roles are to: propose legislation which is then adopted by the European Parliament and the Council; enforce European law (where necessary with the help of the European Union Court of Justice); and set objectives and priorities for action. (http://europa.eu/about-eu/institutions-bodies/european-commission/index_en.htm).

Jan Meisels Allen

Chairperson, IAJGS Public Records Access Monitoring Committee


Share Button

Leave a Reply

Your email address will not be published. Required fields are marked *