Google LLC – Complaint Upheld (Greece, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Hellenic Data Protection Authority upheld a complaint against Google for not removing certain search results linked to a person's criminal conviction. This decision emphasizes the right to privacy and the importance of handling sensitive information carefully.
What happened
Google was found to have improperly denied a request to remove search results related to a user's criminal conviction.
Who was affected
A user who requested the removal of search results linking their name to a criminal conviction.
What the authority found
The authority decided that Google did not adequately justify its refusal to delete the search results, violating the user's right to be forgotten.
Why this matters
This ruling reinforces the importance of respecting individuals' rights to privacy and the removal of sensitive information from search results. It serves as a reminder for companies to carefully consider requests for data removal.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The data subject submitted a data erasure request to Google LLC (the controller) on 8 September 2021, requesting the removal of thirty nine search results from the controller's search engine that were produced with her full name search. The results linked to pages where the data subject's name had been linked to a criminal conviction. As a relative of a public figure, the case generated public interest, and her sensitive data on her criminal situation was extensively published. The data subject stated that it was wrong for websites to publish sensitive data as she was not a public figure. To make sure that information related to her criminal conviction would not appear as a result of a search with her full name. The data subject made several requests to the controller to remove 39 URLs from search results. The data subject stated that the company's rejections based on public interest are not valid as no public interest allows the publishing of sensitive data. The subject also points out that in the absence of a relevant public prosecutor's order under Article 2 of Greek Law 2472/1997 allowing the publication of such data, the company must delete all relevant data from the results of its search engine. The controller upheld that the requests for removal of URLs from (1–12) are related to business activities and refer to felonies allegedly committed by the data subject for which she was convicted. The links (13–14) concern unpaid wages and insurance issues that directly relate to her business activities and are not disputed for accuracy of information. The controller believed the reference to the public interest in the information was valid, and the data subject lacked grounds for the "right to be forgotten," thus they argued against deletion. Finally, the controller stated that for the content of the links (15–39), which do not refer to the data subject and also lead users to websites where content was not available. So the controller will remove links (15–39) from
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (2)
Other enforcement actions involving Google LLC in GR
Complaint Upheld
Details
About this data
Cite as: Cookie Fines. Google LLC - Greece (2024). Retrieved from cookiefines.eu
Last updated: