This is a question where I risk displeasing you. Let me speak as a member of the judiciary, as I am, to say that the GDPR contains very little news on the right to be forgotten. You will not find any specific reference.
If you interview the rapporteur of the Costeja González case, he will furiously react to say that there is no wording in the judgment mentioning the right to be forgotten. He will say that it is actually a right to be delisted. He will say that there is no novelty in the ruling by the Court of Justice, and that the only novelty relates to the faculty of the data subjects involved to directly address the search engine instead of contacting other controllers.
In terms of perspectives, we attach real importance to the coming case before the Court of Justice. Once again, it's a preliminary ruling. It comes from the French council of state. Right after the Costeja González case, together with other national DPAs, we coordinated our enforcement actions, so we clarified which principles are to be defined.
Google, Bing, and other search engines have agreed on the principle. If we look at the statistics published by all of them, you will see that after the initial peak we are now in a reasonable trend. The large majority of requests by data subjects are properly considered, and where they are forwarded to the competent authorities—it could be a court or a DPA—the conclusion by those two is not different from the search engines'.
There is a convergent approach in identifying good reasons in terms of public interest not to delist the relevant information.
The area of disagreement relates to the territorial scope of application of the ruling. While DPAs consider that this should be global, and the French authority has adopted the decision to challenge it before the Court of Justice to say that we should also consider the dot.com domains, Google is of a different opinion, and this is why we are waiting for a conclusion.
The GDPR does not contain any reference to areas where the right to be forgotten is currently regulated by the civil penal code, common rules in all member states. Here I see that regardless of the GDPR, let's say it's business as usual.