The Court of Justice of the European Union ruled that Google does not have to universalize EU-specific privacy standards | Sean Gallup/Getty Images Europe’s top court sides with Google in landmark privacy case The Luxembourg-based judges say the region’s ‘right to be forgotten’ decision should not apply worldwide.

Google finally got some good news from Europe.

Judges at the Court of Justice of the European Union ruled Tuesday that the search giant does not have to apply some of the region's privacy standards globally, a blow to Europe's efforts to export its digital rulemaking beyond the borders of the 28-country bloc.

In its decision, the Luxembourg-based court said the so-called right to be forgotten — or the ability for people based in Europe to demand that Google and others remove certain results linked to people's names from search results — should only apply within the European Union.

"The Court concludes that, currently, there is no obligation under EU law, for a search engine operator who grants a request for de-referencing made by a data subject, as the case may be ... to carry out such a de-referencing on all the versions of its search engine," the court wrote in a statement. "However, EU law requires a search engine operator to carry out such a de-referencing on the versions of its search engine corresponding to all the Member States."

The case pitted France's privacy regulator against the American tech giant over how Google should apply the privacy ruling across its global digital empire.

It represented a test of how far Europe could push its own digital standards onto the rest of the world, and highlighted how powerful regulators in Brussels and national capitals have now become in deciding how the likes of data protection and competition rules are implemented across the region and beyond.

“It’s a significant judgement,” said Christopher Kuner, professor of the Brussels Privacy Hub at the Vrije Universiteit Brussel. “But I don’t think it will hinder the expansion of EU data protection law, it will still be influential in other countries.”

The French data protection watchdog — the Commission nationale de l'informatique et des libertés, or CNIL — had said that only applying the privacy standard globally, and not just within Europe, could guarantee these links would not show up in regular Google searches in a breach of European law.

“The CNIL will fully analyze the rulings in detail in the coming days,” France’s data protection authority said after the ruling.

The agency had fined the search engine €100,000 for failing to apply the privacy standard worldwide, which the company had then appealed to Europe's highest court.

"Once it’s accepted that something should be taken down, it should apply globally,” Gwendal Le Grand, the CNIL's director of technology and innovation told POLITICO before Tuesday's ruling was published.

Google had pushed back on that view, asking Europe's highest court to rule on what geographical limits, if any, should be applied to the region's right to be forgotten. The EU's privacy standard has been copied by others, notably in Russia, but has faced legal pushback elsewhere, including in the United States, over concerns about the right for people to access information online.

During a legal hearing in Luxembourg last year, the search engine's lawyers had warned the judges about the harmful effects that a global ruling would have on how people could access information over the internet if Europe was allowed to extend its own privacy standards globally.

“We’ve worked hard to implement the right to be forgotten in Europe, and to strike a sensible balance between people’s rights of access to information and privacy,” Peter Fleischer, Google’s global privacy counsel, said in a statement. "It’s good to see that the Court agreed with our arguments.”

The CNIL on Tuesday acknowledged the court went against the French watchdog's analysis on territorial scope. But “if the court does not grant dereferencing a global reach, it does say that dereferencing should be done at EU-level, and not only in the country of residence of the plaintiff,” the privacy regulator said.

In a separate, but related ruling, the judges said that search engines like Google must remove so-called sensitive data like a person's ethnicity from search results, though should balance those requests with others' legitimate right to access information online.

Privacy vs. freedom of speech

The decision ends five years of legal wrangling after the same Luxembourg-based judges ruled in 2014 that Google and other search engines must remove links from online results if they infringed on people's privacy rights and meet other hurdles.

In the aftermath of that initial decision, the tech giant created a complex online system for people to submit requests, and the company has removed almost 1.5 million web links related to people's "right to be forgotten" requests over that time period, according to its latest transparency report. People in France have been some of the most active users of the service, requesting that almost 600,000 web links be removed over the last five years.

Freedom of speech campaigners, though, have warned that Europe's privacy ruling would limit people's ability to access content online, and several media associations spoke out against how other countries like Russia have used the region's 'right to be forgotten' principle to clamp down domestic political dissent.

In its ruling on Tuesday, the judges said that while the ability to remove links within search results would likely have an immediate effect of those involved in making the requests, other countries do not recognize Europe's so-called right to be forgotten.

They added that people's privacy rights are not absolute, and that they must be balanced with society's wider needs to access information online.

"The balance between the right to privacy and the protection of personal data, on the one hand, and the freedom of information of internet users, on the other, is likely to vary significantly around the world," the judges concluded.