Google LLC – Violation Found (Italy, 2023)

The Guarantor for the Protection of Personal Data received a complaint of a data subject pursuant to Article 77 GDPR, in which Google LLC was ordered to remove URLs yielding results in which the data subject was linked to a judicial affair involving charges of fraud of which he later was acquitted. Due to these search results, both personal and professional reputation of the data subject were susceptible to harm. Pursuant to Article 55 (1) GDPR, it falls within the realm of competence of the Italian Guarantor to decide complaints brought before it when reference to its national territory is given. Google LLC asserted that web pages linked to two of the URLs mentioned by the data subject, cannot via search results be associated with the data subject. According to Article 57 1 f GDPR, the Guarantor does neither find sufficient reason to adopt measures in this regard nor to extend a similar assessment to the request for removal outside of solely European versions of the search engine. The controller also noted that it cannot accede to the request for removal of the remaining URLs as neither has public interest ceded in these nor did the data subject sufficiently communicate the acquittal regarding the crime of fraud. The picture drawn by the search engine´s results does not however yield an apt representation of the data subject´s acquittal in 2015. The Guarantor has found that processing of such data via Google LLC violates the principles of accuracy and updating of data as provided in Art 5 par 1 let d GDPR. Following Art 58 2 c and g GDPR, the Guarantor finds the data subject´s complaint well-founded and hence orders Google LLC to issue the removal of said remaining URLs found to be in association with the data subject´s name. Pursuant to Article 157 of the Code on the Protection of Personal Data, Google LLC is invited to present which measures have been taken to achieve what was prescribed. Failure to respond to the above request is punishable by the administra