In two recent landmark decisions issued on November 6, 2019, the German Constitutional Court (“BVerfG”) presented its unique perspective on the “right to be forgotten” and announced that it will assume a greater role in safeguarding German residents’ fundamental rights from now on.

Case 1 (1 BvR 16/13)

The first case concerned a person who had committed a murder in 1981.  The full name of the perpetrator was mentioned in several articles about the crime published in the early 1980s in the magazine Der Spiegel.  In 1999, Der Spiegel digitalized its archive and made all articles available online for free.  After completing his sentence, the plaintiff demanded that the articles be omitted or anonymized, arguing that their availability endangered his re-integration into society.

The plaintiff prevailed insofar as the BVerfG found that his interests had not been sufficiently taken into account when the articles were digitalized and made accessible online.  As a result, the court instructed the lower courts to explore how the negative effects of a publication in an online press archive can be mitigated, including by technical means, without placing overly onerous obligations on publishers.

Surprisingly, the BVerfG also held that this case did not concern the fundamental right to privacy at all.  The court explained that the right to privacy primarily concerns the protection of the individual against the collection of personal data and the risks arising from such data being processed and combined through non-transparent processes and algorithms.  In contrast, the issue at stake in this case was actually the reconciliation of the freedom of the press and media with more general “personality rights”—i.e., a person’s interest in not being the subject of public discussion and in having control over his or her public image.

The court held that since these rights are not fully harmonized by EU law, the fundamental rights guaranteed by the German Basic Law (Grundgesetz) applied.  The BVerfG stressed that in areas where the law is not fully harmonized, the application of fundamental rights granted by national constitutions can lead to different outcomes in the Member States.

Case 2 (1 BvR 276/17)

The facts of the second case were quite similar to the facts of the “Google Spain” case decided by the Court of Justice of the EU (“CJEU”) in 2014.  In Google Spain, the CJEU ordered Google to remove certain links from search results because they led to information that could damage the reputation and creditworthiness of a Spanish businessman.  Similarly, the recent German case also related to online search engine results.  In particular, it centered around an interview that a German television channel conducted in 2010 with the managing director of a company accused by the channel of using “dirty tricks” against its employees.  The channel subsequently published a transcript of the interview on its website which became the target of the plaintiff’s lawsuit against Google, because search results for the plaintiff’s name included a link to the interview transcript.

The BVerfG followed the Google Spain decision with respect to the general principles, in particular by confirming that the right at stake was the right to privacy.  The BVerfG also agreed with the CJEU that Google cannot rely on the right to freedom of the press and media under these circumstances.  However, in the end, Google prevailed and the BVerfG did not order the takedown of the links at issue, a result which might seem diametrically opposed to the result of the CJEU’s Google Spain decision.  But according to the BVerfG, the facts of this case were significantly different from those in Google Spain, meaning that the outcome of the weighing of the interests of the parties involved also had to be different.  In particular, the BVerfG noted that the potential restriction of the TV channel’s freedom of opinion and media was an indirect effect that had to be taken into account when weighing the interests of the parties directly involved in the case.  In contrast, the publication in the Google Spain decision involved a government publication.

Apart from the BVerfG’s application of the right to be forgotten, the most important aspect of this case was that the BVerfG addressed the issue at all.  In a move that can only be called sensational, the court declared that it is competent to hear constitutional complaints (Verfassungsbeschwerden) from German residents based on fundamental rights guaranteed under the Charter of Fundamental Rights of the European Union (“European Charter”).

The European Charter applied in this case because the law relevant to the case is harmonized by EU law (e.g., by the GDPR).  Over the past 30 years, the BVerfG left the review of such cases to the CJEU.  Now, the BVerfG explained that it would intervene to ensure “the correct application of fully harmonized EU law in the light of the fundamental rights granted under the European Charter”.  It stated that it would supervise the national courts in doing this from now on, while the role of the CJEU was to answer general questions not yet settled under the existing case law of the CJEU or the European Court of Human Rights.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kristof Van Quathem Kristof Van Quathem

Kristof Van Quathem advises clients on data protection, data security and cybercrime matters in various sectors, and in particular in the pharmaceutical and information technology sector. Kristof has been specializing in this area for over fifteen years and covers the entire spectrum of…

Kristof Van Quathem advises clients on data protection, data security and cybercrime matters in various sectors, and in particular in the pharmaceutical and information technology sector. Kristof has been specializing in this area for over fifteen years and covers the entire spectrum of advising clients on government affairs strategies concerning the lawmaking, to compliance advice on the adopted laws regulations and guidelines, and the representation of clients in non-contentious and contentious matters before data protection authorities.

Photo of Nicholas Shepherd Nicholas Shepherd

Nicholas Shepherd is an associate in Covington’s Washington, DC office, where he is a member of the Data Privacy and Cybersecurity Practice Group, advising clients on compliance with all aspects of the European General Data Protection Regulation (GDPR), ePrivacy Directive, European direct marketing…

Nicholas Shepherd is an associate in Covington’s Washington, DC office, where he is a member of the Data Privacy and Cybersecurity Practice Group, advising clients on compliance with all aspects of the European General Data Protection Regulation (GDPR), ePrivacy Directive, European direct marketing laws, and other privacy and cybersecurity laws worldwide. Nick counsels on topics that include adtech, anonymization, children’s privacy, cross-border transfer restrictions, and much more, providing advice tailored to product- and service-specific contexts to help clients apply a risk-based approach in addressing requirements in relation to transparency, consent, lawful processing, data sharing, and others.

A U.S.-trained and qualified lawyer with 7 years of working experience in Europe, Nick leverages his multi-faceted legal background and international experience to provide clear and pragmatic advice to help organizations address their privacy compliance obligations across jurisdictions.

Nicholas is a member of the Bar of Texas and Brussels Bar (Dutch Section, B-List). District of Columbia bar application pending; supervised by principals of the firm.