Internet firms to face stiffer fines for breaking EU’s ‘right to be forgotten’ rules


Firms such as Google and Microsoft will face stiffer fines if they violate Europe’s “right to be forgotten” online rules, according to a draft text agreed by European Union ambassadors on Wednesday (20 May), diplomatic sources said.

EU member states are negotiating an overhaul of the bloc’s outdated privacy laws in a bid to make them more harmonised and relevant for the rise of the Internet.

A draft proposal from Latvia, which holds the EU’s rotating presidency, suggests three levels of fines for companies breaching the rules, ranging from 0.5% to 2% of a firm’s annual worldwide turnover, depending on the gravity of the data breach.

Failure to “erase personal data in violation of the right to erasure and ‘to be forgotten'” falls under the second category which foresees maximum fines of one percent of a firm’s annual global turnover, according to the draft.

>>Read: Google leans towards EU-only ‘right to be forgotten’

EU ambassadors endorsed the fines on Wednesday, three diplomatic sources said.

Once all parts of the reform proposal have been agreed, EU ministers should endorse the whole text in mid-June. Following that, member states representatives can begin discussions with the European Parliament – which wants fines of up to 5% of global turnover – to find a final compromise.

The fines would give data protection authorities a much bigger stick in ensuring that EU data privacy rules are respected.

Under the current regime not all privacy watchdogs have the power to levy fines, and where they do, the amount is often negligible for big firms.

>>Read: EU watchdogs to apply ‘right to be forgotten’ rule on Web worldwide

Google, for example, has refused to bow to EU regulators’ demands that it implement the “right to be forgotten” across all its websites, including

Last year the European Union’s supreme court ordered it to remove outdated or irrelevant information from its name-search results but it is only applying the ruling across its European domains, such as in Germany, arguing that it automatically redirects users to their local website anyway.

Social network Facebook has also come under fire from several EU regulators for its new privacy policy, although it maintains that only the Irish data protection commissioner can police it since it has its European headquarters in Dublin.

The European Court of Justice ruled in May 2014 that Google could be forced to remove links to online content that breaches EU privacy laws.

The ECJ ruled that Google should, under certain circumstances, edit or remove its Internet search results, backing the EU's drive to introduce a "right to be forgotten" on the Internet.

>> Read: EU court ruling opens door for ‘right to be forgotten’ on the Internet

European regulators are now working on guidelines for appeals from people whose requests to remove information has been turned down by search engines such as Google or Microsoft's Bing.

Google says it has received over 120,000 requests from across Europe to remove from its search results everything from serious criminal records, embarrassing photos and negative press stories.

The May ruling from Europe's top court sparked a lively debate between free speech advocates who say it will lead to a whitewashing of the past, and privacy campaigners who say it simply allows people to limit the visibility of some personal information.

>> Read: EU preparing guidelines for 'right to be forgotten' complaints

European Union

Subscribe to our newsletters