A recent court ruling in Europe will present new challenges to online corporations such as Google Inc. and Microsoft Corp.  Not only will this directly affect their operations in the E.U., but it will also have implications for such companies’ operations and customers in the United States as well.  Last week, the highest court in the European Union ruled that citizens have a “right to be forgotten,” particularly in relation to their personal information and data that is maintained online.

The court’s decision is certain to have a major impact on online giants and small startups alike in a world that is increasingly driven by social media, online search engines, online financial transactions, etc.  News of this recent ruling is almost certain to encourage waves of individuals and entities to contact online companies in efforts to exercise their newfound “right to be forgotten.”  Those online companies may in turn be forced to reallocate substantial resources toward time-consuming initiatives within their compliance departments.  Small startups may be hard-pressed to compete with the online giants as they attempt to adjust to rising compliance costs.  Customers may conceivably bear the burden of these added costs through adjustments to pricing plans.  They may even be faced with the removal of certain types of services by companies seeking to avoid liability.

As expected, online corporations are opposed to the E.U. court’s decision, and are currently reviewing the arguments presented and their lasting effects.  Google spokeswoman Leslie Miller described the decision as a “disappointing ruling for search engines and online publishers in general.”  A spokeswoman for Yahoo was even more critical, stating “since our founding almost 20 years ago, we’ve supported an open and free internet; not one shaded by censorship.”

While this decision has been widely reported over the past week because of its business and privacy implications, this controversial ruling will also substantially impact the realm of e-discovery.  Spoliation and/or intentional destruction of evidence are clear violations of well-established legal provisions (as mentioned in our previous blog post entitled “First Department Case Development on the Federal and New York Common Law Spoliation Standards” by Sean Gajewski).  It is unclear; however, what role companies holding private information and data will now be forced to play in light of this ruling.  On the one hand, these companies will require an increased emphasis on maintaining the privacy of their users; on the other hand, they may be frustrating the efforts of prosecutors and private parties alike, who are merely attempting to collect and maintain evidence in both criminal and civil matters.

The questions that this ruling brings to light for online companies are seemingly endless.  Where does one draw the line between protecting privacy and intentionally removing potentially incriminating or damaging material?  Will corporations and/or their compliance officers be at risk for sanctions for their part in removing or destroying such material?  Will certain information still be exempt from the ruling, thus qualifying or distinguishing the privacy rights provided by the Court?

While these questions will soon be wrestled with in European courts, the often murky and opaque world of choice of laws will become exceedingly relevant.  After all, there are a plethora of affected online companies in the United States that have substantial operations in Europe, and vice versa.

Because of the significant impact on the operations of companies such as Google Inc., Microsoft Corp., and others, this ruling is likely to face heavy scrutiny from those affected.  Lawmakers and regulators throughout the U.S., including those in the Federal Trade Commission, have surely taken notice and may add fuel to the fire of the online privacy debate stateside.

A special thank you to Gregory R. Harvey, a Summer Associate at Cullen and Dykman LLP, for his assistance with this blog post.

 

Topics:  Cybersecurity, Data Controller, Data Protection, EU, EU Data Protection Laws, Google, Microsoft, Personally Identifiable Information, Privacy Laws, Right to Be Forgotten, Right to Privacy, Search Engines

Published In: Civil Procedure Updates, Constitutional Law Updates, International Trade Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cullen and Dykman LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »