Are You Inadvertently Processing European Criminal Conviction Data? The Overlooked Impact of GC v CNIL

Google continues to drive the development in case law of the Court of Justice of the European Union (CJEU) on the right to be forgotten in two recent cases.

A lot of the media attention in Europe has focused on Google’s ‘major victory’ in Google v CNIL (Case C-507/17), according to which the EU General Data Protection Regulation (GDPR) did not require Google to de-list search engine results globally following a successful de-listing request in the EU. The CJEU noted, however, that while the GDPR did not require global de-listing, it did not prohibit it. Therefore, EU member states’ courts and data protection authorities would have jurisdiction to determine whether, in light of national standards, a search engine operator would also need to de-list globally.

The CJEU’s decision in Google v CNIL is of limited importance to U.S. companies who do not operate search engines. By contrast, the other right to be forgotten case concerning the tech giant in GC v CNIL (Case C-136/17) may be far more significant for U.S. companies. This case concerning sensitive personal data and criminal conviction data has not received much attention outside of specialist legal and regulatory circles but may in fact have a real impact on companies which may be inadvertently processing European criminal conviction data and may be doing so in violation of EU law.

Background

Two of the claimants in GC v CNIL requested the de-listing of…

Full article available on HR Data Essentials

Latest insights

More Insights
featured image

Employment Litigation in Singapore: Employees Can Double-Strike with Employment Claims Tribunal Win Followed by High Court Claim

4 minutes Jul 11 2025

Read More
featured image

Singapore Issues Advisory to Stop Use of NRIC Numbers for Authentication

3 minutes Jul 11 2025

Read More
featured image

UK Data Protection Reform: Key Updates from the Data (Use & Access) Act

2 minutes Jul 10 2025

Read More