Agencia Española de Protección de Datos (AEPD) – CJEU Judgment (Spain, 2014)
CJEU precedent (Directive 95/46/EC, pre-GDPR)
This is a Court of Justice judgment predating the GDPR. It interprets Directive 95/46/EC (the Data Protection Directive). It is not a cookie or ePrivacy case and is excluded from cookie statistics and the Risk Calculator.
The Court of Justice decided that Google must delete links to personal data from search results if someone asks, even if the data was originally published legally. This ruling matters because it strengthens people's ability to manage their online presence, known as the 'right to be forgotten.'
What happened
Google was required to delete search result links to personal data upon request.
Who was affected
Individuals like Mario Costeja Gonzalez, whose personal data appears in search results.
What the authority found
The Court ruled that search engines must remove links to personal data upon request to uphold privacy rights under Directive 95/46/EC.
Why this matters
This decision created the 'right to be forgotten,' allowing people to request the removal of links to their personal data. Website operators should consider that their content might be removed from search results if it includes personal information.
In March 2010, Mario Costeja Gonzalez, a Spanish national, lodged a complaint against the newspaper 'La Vanguardia Ediciones', Google Spain and Google Inc. with the Spanish DPA (AEPD). The complaint was based on the fact that when internet users entered his name in Google Search, they would find links to two pages of the newspaper (from 19 January and 9 March 1998) on which an announcement mentioning his name appeared for a real-estate auction connected with attachment proceedings for the recovery of social security debts that he owed. The AEPD rejected the complaint in so far it related to the newspaper, as the articles had been lawfully published by order of the Ministry of Labour and Social Affairs. However, it upheld the complaint against Google Spain and Google Inc. because it considered "that it has the power to require the withdrawal of data and the prohibition of access to certain data by the operators of search engines when it considers that the locating and dissemination of the data are liable to compromise the fundamental right to data protection and the dignity of persons in the broad sense, and this would also encompass the mere wish of the person concerned that such data not be known to third parties." The two Google entities brought separate actions before the Spanish High Court appealing the AEPD's decision. The court joined the two cases, and stated that the case raised the question of what obligations are owed by operators of search engines to protect personal data. It held that the answer to this question depended on the correct interpretation of [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A31995L0046 Directive 95/46]. = # With regard to the territorial application of Directive [95/46] and, consequently, of the Spanish data protection legislation: (a) must it be considered that an “establishment”, within the meaning of Article 4(1)(a) of Directive 95/46, exists when any one or more of the following circumstances arise: * when the
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Related Cases (0)
No other cases found for Agencia Española de Protección de Datos (AEPD) in ES
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Agencia Española de Protección de Datos (AEPD) - Spain (2014). Retrieved from cookiefines.eu
Last updated: