The Right to Be Forgotten: Impacts on Libraries and their Objectives

April 20, 2018

Share this story

By Stephen Wyber, Senior Policy Officer, IFLA

This blog was originally created as part of a briefing pack for the #DataPrivacyNY study trip, examining the theme of online data privacy and public libraries.

Further blogs on data privacy can be found here and more information about the wider project can be found here.

Search engines have proven to be particularly powerful tools for retrieving knowledge that might otherwise be neglected or forgotten. They have changed the way we gather and use information about things, events and individuals, and make an invaluable contribution to achieving the objectives of libraries. Arguably, also, they have made the modern Internet possible.

Yet by changing the life-cycle of information, making anything that remains on the open Internet potentially discoverable forever, they raise key questions about the balance between the freedom of access to information and the right to a private life.  The ‘Right to Be Forgotten’, or at least the right to be de-listed from Internet search results, provides an excellent case study of the tension between different human rights in a digital age.

It is also an issue of direct relevance to libraries, given their role in both preserving the historical record, and ensuring public access to it. Moreover, as efforts to apply the concept in new places and new ways emerge, libraries will need to be vigilant in order not only to protect their own activities, but also to defend the values they represent. The article therefore offers an overview of the origins of the concept, how it affects libraries, and closes with a look at new (potential) applications of the right to be forgotten.

Remembering: The Origin of the Right to Be Forgotten

The idea of a ‘right to be forgotten’ first came to public attention following a decision of the Court of Justice of the European Union (CJEU) in 2014[1]. This concerned a Spanish national whose properties had been subject to forced sale in 1998. This had been the subject of announcements in a newspaper, including the individual’s name.

Over ten years later, searches for the individual’s name on Google continued to return links to the 1998 announcement. The individual brought a case against Google, following the latter’s refusal to remove the results, complaining that this prejudiced his activities and represented a breach of his right to a private life. Five years later, the CJEU finally agreed, arguing that the activities of a search engine constituted ‘data processing’ under existing EU data protection law. As such, when the data in question was personal (and even if it had already been published on the Internet), individuals could legitimately ask companies such as Google to remove certain links from search results.

This right was not universal. The ruling itself suggested that when an individual played a role in public life, ‘the interference with his fundamental rights is justified by the preponderant interest of the general public in having, on account of its inclusion in the list of results, access to the information in question’.

Search engines like Google rapidly took on this task, dealing with large volumes of cases itself, while data protection agencies only became involved when there were appeals[2]. Google’s own statistics[3] indicate that it has dealt with over 700 000 requests, relating to nearly two million URLs since the judgement, of which just over 43% see a search engine result removed.

Preservation, Access, Privacy: Impacts on Libraries

For libraries, the most immediate effect of the judgement has been that search engines, a key tool in helping users discover information, are at greater risk of showing incomplete results[4]. That decisions, effectively, are taken by a private party through less-than-transparent means does not make the situation any better.

On a more general level, information that is on the Internet is part of the public record, and has potential value to citizens and researchers. It should not be intentionally hidden, removed or destroyed, unless there is an overriding privacy concern. There is also, arguably, a threat to freedom of the press, and freedom of expression more broadly, given that it implies that after a time, it is possible to de-list authors’ work.

Maintaining the historical record should be the default option, with any derogation from this following clearly set out processes that do not unduly hurt the higher public good. For every individual who does not deserve that earlier mistakes or misdemeanours cast shadows on his or her future life chances, there may also be company directors[5] or politicians whose past actions or judgements remain highly relevant.

The Right to be Forgotten Spreads and Mutates

Despite its novelty as a concept, the idea of right to be forgotten has already appeared in other regions and forms. Proposed legislation on a right to be forgotten was recently withdrawn in the New York legislature[6], while there have also been (so far unsuccessful) efforts to introduce it in Japan[7]. However, South Korea has introduced such a right[8], and the Indian courts appear to be going in this direction[9].

As for new manifestations of the right, a first question concerns the geographical scope of de-listing decisions. The original CJEU judgement found that Google could be considered a ‘data controller’ because its site was selling advertising focused at the Spanish market[10]. Yet in a case in France, the national data protection agency is calling for de-listing decisions to apply universally, regardless of the national version used (, etc), or where the searcher is located[11]. This is particularly concerning, in that it implies that a judgement made in one country, on the basis of national laws and preferences, can affect what Internet users in other countries can see when they search.

There has also been a judgement of the Belgian courts which suggests that when the right to be forgotten can be exercised, relevant names should also be redacted from digital archives[12]. Such a step may well be inconsistent with public interest archiving activity (also recognised in EU law), given a growing share of information is born digital. Moreover, after digitisation of paper works, it may be impractical to go back to the (non-redacted) paper copy.

Finally, an Italian court has taken the extreme decision to determine the period after which news stories (notably containing personal data) can be considered irrelevant, and so can be legitimately removed from search results[13]. The setting of this at 30 months is particularly concerning, both as concerns access to information, and to the rights of journalists themselves to have their work read.

Conclusion: Maintaining the Balance

As defenders of both access to information, and user privacy, libraries are present on both sides of the balance in right to be forgotten cases. The overriding importance of archiving and preserving the historical record implies that the intentional destruction of information, especially through unclear processes, is to be condemned. It is worth underlining that the effectiveness of the process has also been called into question, following findings that it was still possible to identify the subjects of successful right to be forgotten cases[14].

In those cases where information is unfairly damaging or no longer relevant, removal from search results can be considered, but should be done in a way that does place disproportionate limits on the freedom of access to information. How this is done will continue to be a subject of discussion, and libraries should be prominent in asserting their values and roles in these debates.

[1] C131/12 Google Spain vs Mario Costeja Gonzales,;jsessionid=9ea7d2dc30d5ef50415acf9349aba55df79a1a7e791d.e34KaxiLc3qMb40Rch0SaxyLaxb0?text=&docid=152065&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=1064434

[2] In the UK for example, there had only been 185 appeals by May 2015, of which only 25% were successful. See The Register, ‘Right to Be Forgotten Festers as ICO and Google Come to Blows’, 14 May 2015

[3] Google Transparency Report, (accessed 1 April 2017)

[4] This is on top of any other manipulation of search results that may take place.

[5] A point that the CJEU itself recently conceded, noting that personal data in a companies register could not be anonymised under the right to be forgotten concept. C-398/15 Camera di Comercio, Industria, Artigianata e Agricoltura di Lecce vs. Salvatore Manni. See Press Release, 9 March 2017

[6] Techdirt, NY Senator Pulls Sponsorship from ‘Right to Be Forgotten’ Bill, Effectively Killing It, 24 March 2017,

[7] The Guardian, Japanese court rules against paedophile in ‘right to be forgotten’ online case, 2 February 2017,

[8] The Korea Herald, Media watchdog to uphold right to be forgotten in Korea, 21 February 2017,

[9] Livelaw, In a first, an Indian court upholds the ‘Right to be Forgotten’, 3 February 2017,

[10] C131/12 Google Spain vs Mario Costeja Gonzales, ibid.

[11] CNIL, Right to be delisted: the CNIL Restricted Committee imposes a €100 000 fine on Google, 24 March 2016,

[12] Le Soir, La Cour de Cassation bétonne le droit à l‘oubli, 20 May 2016,

[13] The Guardian, How Italian courts used the right to be forgotten to put an expiry date on the news, 20 September 2016,

[14] Xue, Minhui, Magno, Gabriel, Cunha, Evandro, Almeida, Virgilio and Ross, Keith W., The Right to be Forgotten in the Media : A Data-Driven Study, Proceedings on Privacy Enhancing Technologies, Vol 2016, Issue 4 (Oct 2016),