Case C-131/12, Google Spain and Google Inc. v. AEPD et Costeja Gonzalez. Searchengines as controllers: inconvenient implications of a questionable classification

A striking aspect of the ruling in Google v. Agencia Española de Proteccion de Datos (AEPD) and Mario Costeja Gonzalez is the radical contrast between the Opinion of Advocate General Jääskinen and the decision of the Court of Justice (CJEU). Not only did the Advocate General and the CJEU reach contrary conclusions, but they also differing the analysis of essential points of the case and on the comparative assessment of the values at stake. Here, I shall focus on a key point of their disagreement, namely, the classification of search engine operators as controllers. I shall side with the Advocate General on this point, arguing that search engine operators should not be viewed as controllers who process personal data, with regard to the construction and usage of their indexes. I shall also argue that this view could be made consistent with an adequate protection of data subjects, by applying to data protection and search engines the regime of providers’ immunities established by the eCommerce Directive.