Google LLC. – Complaint Upheld (Greece, 2024)

The data subject submitted a data erasure request to Google LLC (the controller) on 7 September 2021 requesting the removal of several search results from the controller's search engine that were produced with his full name search. The results linked pages where the data subject's name had been linked to a criminal conviction of a relative, which the data subject contended he had no involvement with. The data subject informed the controller, attaching a plenary court ruling to prove he had no connection with the acts for which his relative was convicted, that his name had been wrongly linked to the criminal conviction. Additionally, the data subject requested the controller to remove third party blog posts on Blogger, which the data subject believed Google was the controller of as the owner of the blog-hosting platform. The controller selectively removed certain links while retaining others, citing a legitimate public interest in having access to the information that concerned criminal offences, and arguing that deletion of the relevant links was therefore not permissible. According to the controller, this decision aligned with the criteria outlined in the Guidelines of the Article 29 Working Party. Additionally, the controller argued that the data was related to professional activities of the data subject, specifically concerning alleged offences and involvement in scandals related to companies. The controller also asserted that the document produced by the data subject was not related to the aforementioned information and did not prove that the information was inaccurate or outdated. Finally, regarding the blogs which the data subject had requested removal of, the company stated that the service was provided by Google Ireland Ltd., a company based in Ireland, but that neither Google LLC nor Google Ireland were responsible for the personal data that users may post using the Blogger service. In particular, the controller argued that Google Ireland is the hosting pr