The Court of Justice of the European Union, in a major ruling*, has held that EU nationals have the right to have "irrelevant or outdated" information about themselves deleted from search engine results. While the Court appeared to strike a "fair balance" between the public's right to access, and the individual's right to privacy and data protection, this position, if it stands, could seriously impact the ability of compliance officers conducting due diligence.
The case turned on a nineteen-year old negative news article about a Spanish national, available on Google. What the Court has done here is give individuals a "Right to be Forgotten," which means that negative information that someone does not want subject to access, via a search engine, can be ordered deleted. This poses a serious problem for compliance officers seeking the truth about a target. Some commentators are already stating that it amounts to domestic censorship, as is currently practiced in China. How can a compliance officer certify that his or her investigation failed to turn up any significant negative information about a prospective bank customer in the European Union ?
It is bad enough that we have to deal with regimes in the developing world interfering with the free flow of domestic information, but if this ruling results in the wholesale deletion of important negative data about EU nationals, then Country Risk for members of the European Union will take on a whole new function, and it will not be positive. Let us hope that this decision, which raises individual preferences on data about themselves to an entirely new plane, will not be widely adopted.
* Google Spain SL et al vs. Agencia Española de Protección de Datos, Case No. C-131/12, Document No.: G212CJ0131.