The Right Tools: Europe's Intermediary Liability Laws and the EU 2016 General Data Protection Regulation

January 21, 2018

The European Union’s (EU) General Data Protection Regulation (GDPR) makes important changes to the “Right to Be Forgotten” established by the Court of Justice of the European Union’s landmark 2014 Google Spain ruling. The GDPR introduces new notice-andtakedown rules for “Right to Be Forgotten” requests that will make deliberate or accidental over-removal of online information far too likely. The new rules give private Internet platforms powerful incentives to erase or delist user-generated content—whether or not that content, or the intermediaries’ processing of the content, actually violates the law. These problems could be mitigated, without threatening the important privacy protections established by the GDPR, through procedural checks and balances in the platforms’ removal operations.


Daphne Keller

Director of Program on Platform Regulation, Cyber Policy Center and Lecturer, Stanford Law School
Daphne Keller