By Tatiana-Eleni Synodinou

Google’s legal adventures in Europe are constantly demonstrating that Google is pushing the boundaries of European information law to their outer limits. The conflicting interaction of Google’s business methods and of European legal norms is a major challenge both for the revision of Google’s business tactics and for the evolution of law in a way that takes into account emerging innovative technologies and practices. In this context, it is important to examine how the fundamental dogma of the free flow of information and the principle of automated neutral data-processing, which both are defended and applied by Google, have been tested before the European jurisdictions in the light of copyright law, trademark law, data protection and personality rights.

Introduction

On June 1 2012 Google published its “Transparency Report” which contains data on content removal requests submitted by copyright owners via the Web form for Google Search. The Report does not contain any data about removal requests targeting Google products other than the Google Search, such as requests directed at YouTube or Blogger.1 This omission qualifies the finding that Google has listened to copyright owners’ concerns and has in the great majority of cases complied fully with copyright owner’s requests.2 Indeed, Google’s relationship with copyright law and with the law more generally could be fairly described as one of rivalry rather than peaceful co-existence. The constant expansion of Google’s activities to a wide range of services and products3 renders this conflicting relationship even more turbulent. Indeed, the transformation of Google from a search engine to an IT giant, whose ambition is not only to be present but even to dominate various branches of the IT industry, inevitably results in legal disputes across a broad range of legal fields, such as intellectual property law, privacy and defamation, and private international law.

Information technology strategies are often related to the popular belief that when it comes to the law, the Internet is a marvelous place which offers any number of opportunities and is not subject to any legal restrictions. This view is often expressed by the imposition of opt-out business models as regards exercising the rights of third parties who are affected by the activities of IT pioneers. Nonetheless, taking into consideration the slow but constant struggle of the law to encompass and regulate technological challenges, it would be more appropriate to state that information technology giants, such as Google, are constantly testing and pushing against the barriers of law, rather playing on a field without any legal rules or obligations. Therefore, the focal question that is raised is whether Google’s multiple judicial adventures promote an advancement of law that reflects Google’s business strategy or whether Google will have to fully comply with the European legal framework and legal culture and, as a result, to adapt its business model to match the constraints imposed by law.

In order to analyze the complex interaction between Google and the law, it would be useful first to refer to two fundamental principles which appear to guide Google’s general business strategy. We will refer mainly to (I) the dogma of the free flow of information and to (II) the principle of automated data-processing. We will evaluate in the light of European case law whether these principles are being called into question or alternatively whether they have prevailed in cases where they appeared to be incompatible with European legislation.


 

I.The dogma of the free flow of information under copyright law and privacy scrutiny


Google’s activities, like those of other pioneers in the Internet sector, are based on the dogma of the free flow of information. Freedom of information and freedom of expression, which include both a right to disseminate and to receive information, are specified through the freedom to gather information and the freedom to search, index and to provide links. Google’s strategy of attracting Internet traffic to its various services and applications also serves the purpose of collecting valuable user information, which is crucial for personalizing advertising.4

Nonetheless, the “information” which circulates and is stored to Google’s services and products often relates to works protected by copyright or constitutes a substantial part of a database, e.g. a website, which is protected by the database creator’s sui generis right. An illustrative example of copyright infringement by Google’s products in Europe is the Belgian “Google News” cases.5 In brief, the Belgian press editors’ collecting society Copiepresse sought a prohibitory injunction against Google in 2006 for having stored, reproduced, extracted and re-used Belgian newspaper content in its “Google News” daily press review, without permission from the Belgian press editors. The Court found Google guilty of infringing both copyright and database sui generis rights on 5 September 2006.6 On 13 February 2007, the Belgian Court reaffirmed its original decision, at least in respect of the part concerning copyright infringement,7 and this decision was also confirmed by the Brussels Court of Appeal on 5 May 2011.8 Google’s claim that it is merely a search engine which operates on the basis of copyright exceptions, and that its activity could be excused on the grounds of the fundamental right of access to information (Article 10 of the European Convention on Human Rights) was rejected by the Court.9

Google was also found guilty of copyright infringement in France in relation to one of its most ambitious projects, the Google Book Search Library Program. The Paris Court of First Instance ruled on 18 December 200910 that Google was violating French copyright law – which was deemed to apply both to the stages of scanning of works and of displaying snippets – and firmly rejected Google’s argument that displaying a limited number of short extracts from books is covered by the exception of quotation. The Court indirectly accepted that searching the content of digitalized books using keywords and providing snippets substituted the need to access the full text of the book, since they enable users to find the information they are looking for.11 Google appealed the decision.

It might be argued that in the field of copyright law, with some exceptions such as the case of displaying thumbnail images via its Google Images service,12 the underlying trend has been to strictly ascertain copyright infringement. This is due to the prevailing principle of narrow interpretation of copyright exceptions in Europe.13

Similarly, a significant volume of the data processed by Google product and service users or by Google itself is personal data which enjoys a significant level of legal protection in Europe. The privacy implications of Google’s activities have been examined by the European privacy authorities on several occasions. On a number of occasions, the Article 29 Data Working party14 has firmly expressed the view that the processing and retention of personal data by Google in its primary function as a search engine but also in its ancillary activities raise a number of significant privacy concerns for European citizens.

The processing of data has to comply with the principle of lawfulness, and search engines therefore have to specify explicit and legitimate purposes for which they are processing personal data.

As regards Google Search, the retention period of search queries and their anonymization in the server logs was one of the first issues pinpointed by the Article 29 Working Party15 as raising privacy concerns. According to Opinion 1/2008 concerning data protection issues related to search engines,16 the Data Protection Directive 95/4617 applies to the processing of personal data by search engines generally, even when their headquarters are located outside the EEA. Consequently, Google has to comply with the stringent data protection regime established by the Directive if it is considered as a data controller.18 The processing of data has to comply with the principle of lawfulness, and search engines therefore have to specify explicit and legitimate purposes for which they are processing personal data. While data could be processed on the basis of the user’s consent or on the grounds that it is necessary for the performance of a contract, such as in the case of registered services (e.g. the creation of a Gmail account), this is harder to evaluate when the processing is necessary for the purposes of a legitimate interest pursued by the search engine.19 Legitimate purposes, such as service improvement, system security, fraud prevention or law enforcement must be carefully scrutinized in order to ensure that the processing of users’ data is necessary and adequate, and that the period of data retention is not excessive.20 In response to the Article 29 Working Party’s Opinion, Google decided to “anonymize” IP addresses in its server logs after 9 months.21

Google admitted that since 2006, it had been mistakenly collecting personal data, including snippets of email, from non-password protected Wi-Fi networks in more than 30 countries with its Street View cars.

Another delicate privacy issue of concern to the EU privacy authorities is the potential risks posed by panoramic street-level view services, such as Google’s famous Street View. Even though Google blurs people’s faces, car number plates and other features that might allow people to be identified, problems could still arise from the storage and possible correlation of the vast number of pictures required to enable the service to operate, and which Google has already collected.22 Other privacy complications include the capture of images in places which are “sensitive” from a data protection point of view (such as churches, hospitals, etc.), the application of the principle of proportionality to the retention period of images that are not blurred and the guarantee covering the proper and effective exercising of the data subject’s rights, such as the right of information and the right of objection.

In 2010, another major Google privacy “sin” directly linked to its Street View service was revealed. Google admitted in an official blog post that since 2006, it had been mistakenly collecting personal data, including snippets of email, from non-password protected Wi-Fi networks in more than 30 countries with its Street View cars.23 Google issued a public apology and declared that it plans to delete all the data as soon as it obtains clearance to do so from government authorities. Nevertheless, Google’s non-compliance with the data protection requirements laid down by the French Data Protection Authority (CNIL) resulted in the company being ordered to pay a fine of 100,000 euros in March 2011.24

Google’s partial compliance with the warnings issued by the data protection regulatory authorities in Europe demonstrates that the European data protection legal framework seems to have influenced Google’s privacy threatening tactics. Since the data protection regime in Europe is currently in the process of being revised,25 Google will probably have to revise its privacy policies further, if some of the proposed amendments, such as the data subject’s right to be forgotten, are finally adopted. The question has also been referred recently to the Court of Justice of the European Union, because in February 2012, Spain’s highest court asked the Court to decide whether requests by Spanish citizens to have data deleted from Google’s search engine were lawful.26

 

II.Automated processing techniques and the question of exemption from legal liability in the light of trademark law and personality rights

In the field of trademark protection, the case law of the Court of Justice of the European Union concerning the legality of Google AdWords has been marked by a more liberal approach. The “Google France” rulings and the subsequent European Court of Justice case law concerning AdWords appear prima facie to comfort Google’s leading advertising business model.27

Through “AdWords”, Google allows advertisers to select keywords so that their ads are displayed to Internet users in response to those keywords being entered in Google’s search engine. At issue has been the legality of the use of keywords which correspond to trade marks.

Pursuant to the divergent positions expressed in French case law, the French Court of Cassation referred the following basic questions to the European Court of Justice: First, whether the use by Google, in its AdWords advertising system, of keywords corresponding to trade marks constituted an infringement of those trademarks. The second crucial question was whether Google could be exempted from liability on the grounds of Article 14 of the E-commerce Directive,28 in which case it was not guilty of trademark infringement. In its judgments published on 23 March 2010,29 the Court concluded that while Google was acting in the course of trade, it was not using the trademarks for its own advertising service and therefore it could not be held liable for trademark infringement. As regards the second major issue, the Court held that Article 14 of the E-commerce Directive must be interpreted as meaning that the rule laid down therein applies to an Internet referencing service-provider in cases where that service provider has not played an active role of such a kind as to give it knowledge of, or control over, the data stored. If it has not played such a role, that service provider cannot be held liable for the data which it has stored at the request of an advertiser, unless, having obtained knowledge of the unlawful nature of those data or of that advertiser’s activities, it failed to act expeditiously to remove or to disable access to the data concerned.

The major question that has to be asked is whether Google’s role really is technical. With the help of software which it has developed, Google processes the data entered by advertisers and the advertisements are then displayed under conditions which Google controls.

Hence, it is still possible to be held liable on the grounds of general civil tort provisions, if the defendant fails to comply with the obligations laid down by Article 14 of the E-commerce Directive. National courts will therefore have to evaluate the role played by Google in the course of creating the advertisement and more precisely to examine whether its role is neutral, in the sense that its conduct is merely technical, automatic and passive, pointing to a lack of knowledge or control of the data which it stores.30 Indeed, the major question that has to be asked is whether Google’s role really is technical. With the help of software which it has developed, Google processes the data entered by advertisers and the advertisements are then displayed under conditions which Google controls. In fact Google determines the order of display, according to inter alia the remuneration paid by the advertisers,31 while the activity of Google concerning the AdWords’ “broad match” function could be seen as more than merely neutral.32

While the acknowledgement that Google’s role is primarily a technical one could militate in favor of its exemption from liability for trademark infringement, the same argument raised by Google in the French “Google Suggest” cases did not have a similar effect before the French Courts.

The main issue concerning Google Suggest is whether Google could be held liable as a content provider for infringements which might result from the content, namely the keywords or search terms that Google sells or offers to its users, despite the fact that this “content” is not generated by Google’s employees but is produced automatically by Google’s software on the basis of statistical data concerning the queries entered by Google users. The debate is controversial because it has been proved that Google sometimes filters particular kinds of content, such as pornographic content or politically-sensitive content, or it ranks content according to its own ranking criteria.

Two landmark cases in France, the “Direct Energie”33 and the “CNFDI”34 cases, have clearly demonstrated that the defense of the purely neutral and technical nature of Google’s automated tools does not necessarily preclude Google’s liability. In both cases, Google was held liable for defamation, despite the fact that Google insisted on the automatic and statistical nature of the suggestions proposed, and argued that the suggestions were not illegal but clearly legitimate and useful for the entire community of Internet users, because they constituted an objective reflection of the statistically most frequent searches carried out by users. It is noteworthy that in the Court of Appeal’s ruling in the “Direct Energie” case, the Court held that the prejudice caused to “Direct Energie” derived from the lack of information about the criteria used by Google to determine the order of display of suggestions. Accordingly, the Court invited Google to provide transparency and ordered it to provide an explanatory notice on how suggestions are generated.35

 

Conclusion

Apple and Samsung in the realm of patent law, Microsoft tactics scrutinized under the rules of competition law, Facebook’s innovative applications threating personal data protection… most of the current and past Information Society giants have played, willfully or otherwise, a role in the development of information technology law. However, Google has been the company that has featured most strongly in the evolution of this emerging branch of the law. Some might say that the law is resistant in general terms to the innovations created by NICT. Others would admit that the law sometimes finds it difficult to keep up with changes in society. The most orthodox, albeit boring in a way, point of view might however be the truest: having a perfect knowledge of the limits and boundaries of the law (privacy, intellectual property law or competition law), some major IT actors are constantly pushing and testing these. The business model here can easily be guessed: better to be the first on a new domain now than to learn three years later that you were right not to do it. And the result, on a global scale, cannot be misinterpreted: Google has a dominant position in the development of information law, with a quite impressive number of cases already judged or pending. We can only hope that in addition to constant conflict, a constructive dialogue has made its appearance to a certain degree where Google has learned from the cases it has lost, and the legal systems have evolved in accordance with the legitimate needs of the IT sector.

*This article is based on a paper presented by the author on 25 June 2010 at the 3rd International Seminar on Information Law (Corfu, 2010). The paper is available on line at: www.ssrn.com.

About the Author

Tatiana-Eleni Synodinou is Assistant Professor at the Department of Law of the University of Cyprus. Her research covers intellectual property law, information law, media law, land law and company law. She has published 6 books and over 35 articles in Greek, English and French. She is a contributor to Kluwer copyright blog (http://kluwercopyrightblog.com/). She can be reached at: synodint@ucy.ac.cy.

References

1.https://www.google.com/transparencyreport/removals/copyright/.


2.For example, Google reports that it removed 97% of search results specified in requests received between July and December 2011. See E. Rosati, Google publishes its copyright report, http://the1709blog.blogspot.com .


3.For a description of Google’s products and services, see: http://www.webrankinfo.com/google/produits.php.


4.A. Lopez – Tarruela, Google Pushing the Boundaries of Law, in : A. Lopez – Tarruela (ed.), Google and the Law, Springer 2012, p. 7.


5.Google News is a news-feed aggregator which covers news articles appearing within the past 30 days. Its fr ont page provides roughly the first 200 characters of the article and a link to its larger content. Even if an article is no longer available on the news website, it is still possible to access it via a “cached” link which provides access to its content stored in Google’s system cache. See: http://en.wikipedia.org/wiki/Google_News.


6.TPI Bruxelles, 5 septembre 2006, http://www.droit-technologie.org. Also see: Van den Bulck P./Wery E./Bellefroid M., Google News sur la sellette, Le triomphe de David sur Goliath?, http://www.droit-technologie.org ∙ R. Xalabarder, Google News and Copyright, in: A. Lopez-Taruella, op. cit., 113.


7.TPI Bruxelles, 13 février 2007. Van den Bulck P., Copiepresse contre Google: les limites du « caching » ?, Revue Lamy Droit de l’Immatériel, avril 2007, 67.


8.CA Bruxelles (9ème ch.) 5 May 2011, Copiepresse SCRL v Google Inc.


9.Copiepresse SCLR v Google Inc., par. 32, 56-58.


10.TGI Paris, 18 décembre 2009, http://juriscom.net.


11.See: Agnès Lucas-Schloetter, Digital Libraries and Copyright Issues, in: Iglezakis/Synodinou/Kapidakis, E-Publishing and Digital Libraries, Legal and Organizational Issues, IGI Global, Hershey New York, 2011, p. 159.


12.CA Paris, 26 janvier 2011, SAIF c/ Google, http://www.juriscom.net ∙BGH Urteil vom 20 April 2010, I ZR 69/08.


13.Nonetheless, for an interpretation of the three step test in the light of the factors involved in the fair use defense, see: Judgment of the Audiencia Provincial (Court of Appeals) of Barcelona, sect. 15th, 17 September 2008.


14.Article 29 of the 95/46 establishes a “Working Party on the Protection of Individuals with regard to the processing of Personal Data” which is generally known as the “Article 29 Working Party”.


15.Letter addressed to Google Inc., dated 16 May 2007, D (2007) 6016.


16.Opinion on Search engines, WP148, 4 April 2008.


17.Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, L 281, 23/11/1995 P. 0031 – 0050.


18.Opinion on Search engines, op. cit., p. 14-15.


19.Article 7 (f) of Directive 95/46.


20.Pages 17-18 of Opinion 1/2008, op. cit.


21.Google Blog “Another step to protect user privacy” (8 September 2008), http://googleblog.blogspot.com/2008/09/another-step-to-protect-user-privacy.html and http://www.google.com/policies/privacy/faq/#toc-anonymize.


22.Article 29 Data Protection Working Party, Press release, Brussels, 10 Dec 2008, http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_10_12_08_en.pdf


23.http://en.wikipedia.org/wiki/Criticism_of_Google.


24.CNIL Délibération 2011-035 de la formation restreinte prononçant une sanction pécuniaire à l’encontre de la société GOOGLE Inc., http://www.cnil.fr/fileadmin/documents/La_CNIL/actualite/D2011-035.pdf.


25.See: Proposal for a General Data Protection Regulation, http://eur-lex.
europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0011:FIN:EN:PDF.


26.C- 131/12, http://curia.europa.eu.


27.See: J. Phillips, Google AdWords: Trade Mark Law and Liability of Internet Service Providers, in: Lopez-Tarrulela (ed.), op. cit., p.37.


28.Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services.


29.Google France, Google, Inc. v Louis Vuitton Malletier, Viaticum SA, Luteciel SARL, Centre national de recherche en relations humaines (CNRRH) SARL, Pierre-Alexis Thonet, Bruno Raboin, Tiger SARL, Joined Cases C-236/08 to C-238/08.


30.Point 114.


31.Point 115.


32.B. Clark, ECJ decides in French Google AdWord referrals: more seek than find? J Intell Prop Law Pract 5, 2010, 480.


33.Tribunal de commerce de Paris, (ref.), 7 mai 2009, Direct Energie / Google Inc., http://www.legalis.net ∙ CA Paris, 2ème chambre, 9 décembre 2009, http://www.legalis.net.


34.TGI Paris, 10 juillet 2009, n°9/55969, Centre National Privé de Formation à Distance (CNFDI)/Sté Google Inc., http://www.legalis.net ∙ TGI Paris, 17ème chambre, 4 décembre 2009, JPL-CNFDI / Google Inc., http://www.legalis.net/


35.A. Debet, comment on CA Paris, 2ème chambre, 9 décembre 2009, Google Inc. / Direct Energie, Communication-Commerce Electronique, mai 2010, 31.