Europe is taking aim at Google — again.
Privacy watchdogs in the European Union issued guidelines Wednesday calling on the company to apply the recent ruling on the so-called right to be forgotten to all Google search results.
The new guidelines, issued by a panel composed of privacy regulators from the bloc’s 28 member states, would require Google and other search engines in certain cases to take down links at the request of individuals in the companies’ search domains in Europe as well as outside the region.
Currently, a ruling by the highest court in the European Union applies only to the company’s European domains, like Google.de in Germany or Google.fr in France. Individuals in Europe and elsewhere can still retrieve complete online information by using non-European domains like Google.com.
Europe’s privacy watchdogs said, however, that this interpretation of the decision did not go far enough to guarantee privacy.
“Under EU law, everyone has a right to data protection,” the regulatory body said in a statement Wednesday. “Decisions must be implemented in such a way that they guarantee the effective and complete protection of data subjects’ rights and that EU law cannot be circumvented.”
Regulators did not clarify, however, whether the guidelines would apply to requests made only by residents of the European Union, or if people in other countries could use the ruling to make requests for links to be removed.
The guidelines also raised questions about whether Europe’s data protection rules — which are some of the most stringent in the world — could be enforced beyond the 28-member bloc and if American tech companies like Google and Microsoft would have to comply with the privacy ruling in their American operations.
The privacy guidelines are not binding, and it will be up to EU member countries to decide how to apply them.
European regulators also conceded Wednesday that it might be hard to force Google and other search engines to comply with the privacy rules in jurisdictions like the United States that do not have the same privacy rules.
In a nod to this difficulty, the regulators said they would initially concentrate on “claims where there is a clear link between the data subject and the EU, for instance where the data subject is a citizen or resident of an EU member state.”