TY - JOUR T1 - GC et al v CNIL: Balancing the Right to Be Forgotten with the Freedom of Information, the Duties of a Search Engine Operator (C‑136/17 GC et al v CNIL) A1 - De Conca, Silvia PY - 2019 N2 - Case C‑136/17 GC, AF, BH, ED v Commission nationale de l’informatique et des libertés (CNIL), Judgement of the Court of Justice of the European Union (Grand Chamber) of 24 September 2019 Search engine operators are confirmed to be controllers with regard to the processing necessary to create the search result list and the structured overview present under each result. In their quality as controllers, search engine operators are subject to the prohibition and exceptions concerning sensitive data as per Article 8 of Directive 95/46/EC and 9 of the GDPR, since no specific derogation exists. However, the extent of their obligations as controllers is peculiar in the case of sensitive data and is limited to assessments following the request of the data subjects, due to the nature of the technology involved which would make an a priori evaluation impossible. In complying with the right to be forgotten, search engine operators must carry out a balancing of the right to personal data protection with the freedom of expression and information. In this regard, the importance of the role of search engines in making information available is stressed. Furthermore, the right of the general public to research is deemed to be not only limited to current information but also to the past, although in this case the search engine operator should evaluate whether, due to the time passing, the information concerning offences and criminal convictions no longer reflect reality and the web pages reporting outdated information should either be de-listed or listed only after those pages reporting more updated circumstances. Articles 8 and 9 of the Data Protection Directive; Articles 9, 10 and 17 of the General Data Protection Regulation; Articles 7, 8 and 11 of the EU Charter of Fundamental Rights; Articles 8 and 10 of the ECHR JF - European Data Protection Law Review JA - European Data Protection Law Review VL - 5 IS - 4 UR - https://doi.org/10.21552/edpl/2019/4/17 M3 - doi:10.21552/edpl/2019/4/17 ER -