Big quote: "The search engine operator is not required, when acceding to a request for de-referencing, to carry out that de-referencing on all the domain names of its search engine in such a way that the links in question no longer appear, irrespective of the location from which the search on the basis of the requesting party’s name is performed." – EU Advocate General Maciej Szpunar
In a large win for Google and other search providers, a chief adviser of the European Court of Justice has granted some clarity over the right to be forgotten. Up until now, the right to be forgotten has been applied globally by online entities to avoid risk of facing stiff penalties.
For those in the EU wishing to access search results without omissions created under the right to be forgotten, using a VPN from another country may soon work. Advocate General Maciej Szpunar declares, "search requests made outside the EU should not be affected by the de-referencing of the search results." On a technicality, the ruling is non-binding, but the flood gates are open for Google and others to begin ignoring any request targeting information on foreign domains.
One of the key concerns held by the Advocate General is fragmentation of the web as a whole. There is some concern that withholding information from foreign countries could lead to retaliation in which certain sites become accessible from select geographic locations. This may seem a little far fetched, but it certainly is not an impossibility.
Search providers have good reason to allow access to as many accurate results as possible. After all, end users will slowly find their way to the site that offers the best results with the least amount of effort. When searching for personal information, there is a fine line that should be kept. Show too much information and it can be problematic, but reveal too little and the results become meaningless.
The general lack of hard definitions within the EU's right to be forgotten principle makes it a murky subject for businesses to deal with. There are not explicit types of information such as tax identification numbers or home addresses that must be removed. Cultural expectations are what have largely determined the norm of which bits of data are deemed too sensitive to be allowed in public.
Finally, the Advocate General states that there must be a balance between the right to be forgotten and other fundamental rights, noting GDPR, the right to privacy, and the interests of the general public to gain access to information. Under global de-referencing, there lacks any clear path to finally define what right EU members have to receive data.