This article was produced by Olswang LLP, which joined with CMS on 1 May 2017.
While the press and the public are currently focussing on the interpretation and impact of this latest decision of the CJEU against Google, the overall broad picture should remain in focus. The "right to be forgotten" is only one - and possibly not the most severe - of many data privacy issues triggered by Google's service offerings. Other topics that are currently discussed in Europe in this context include Google's illegal practice of scanning incoming emails to place advertisements, using invalid privacy policies or surveillance possibilities through Google Glasses.
Scanning Incoming emails
Earlier this year, Google finally admitted its practice of scanning Gmail accounts and other Google user content. Google recently changed its Terms of Service and in doing so confirms a long practice that has already been an open secret. The new section under "Your Content in our Services" states:
"Our automated systems analyse your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored."
This practice is widely seen as illegal. In Germany it is expected that since Google's practice is now laid down in its Terms of Services, consumer protection agencies are likely to become active and initiate judicial proceedings against Google in the near future.
Also, this practice of scanning incoming emails may come into the focus of German prosecutors.
Other than in the US, where Google's practice was examined under wiretapping laws, German prosecutors likely will look into the criminal offence of phishing (sec. 202b German Criminal Code). Other EU-countries have similar criminal laws.
Despite the fact that there has only been a limited sale of Google Glasses in the U.S., several German data protection specialists have already strongly criticized the product. For example, just recently a German television debate featured the topic "Becoming a criminal with high-tech glasses". One of Germany's best known data privacy commissioners, Thilo Weichert, said that Google Glasses are clearly a"weapon to attack people's personal rights" and that "it would be a disaster if Google Glasses would beextensively sold in Germany and Europe".Weichert also said that a business model that affects personal rights to such extent is highly problematic from a legal point of view. People would film and record other people. Nobody could feel unobserved any longer. Weichert has already acted against Google in the past in relation to other data protection issues. It appears likely that he will strike again once
Google Glasses are sold in Germany.
Infringing Privacy Terms
The decision in Germany is consistent with decisions in other EU jurisdictions. In France, French privacy regulator the CNIL has protected French consumers by ordering Google to inform its users about its violations on thegoogle.fr landing page.
So it can be seen that the Google Spain decision is merely part of much broader shifting sands in respect of the use of personal data online. Until recently, Google may have considered that they could undertake the widespread use of personal data largely with impunity. But in Europe at least, on a number of fronts that position is changing extremely rapidly.