Google LLC. โ Complaint Upheld (Greece, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Google received a request to remove search results linking a person's name to a relative's criminal conviction. The company decided to keep some links live, arguing there was a public interest in the information. This case highlights the challenges people face when trying to manage their online reputation.
What happened
A person asked Google to erase search results that incorrectly linked their name to a criminal conviction.
Who was affected
The individual whose name was linked to a relative's criminal conviction in Google search results.
What the authority found
The Hellenic Data Protection Authority found that Google did not have a valid legal basis for removing all the requested links.
Why this matters
This case shows that companies like Google must carefully consider requests for data removal. It also emphasizes the importance of having clear policies for handling such requests.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The data subject submitted a data erasure request to Google LLC (the controller) on 7 September 2021 requesting the removal of several search results from the controller's search engine that were produced with his full name search. The results linked pages where the data subject's name had been linked to a criminal conviction of a relative, which the data subject contended he had no involvement with. The data subject informed the controller, attaching a plenary court ruling to prove he had no connection with the acts for which his relative was convicted, that his name had been wrongly linked to the criminal conviction. Additionally, the data subject requested the controller to remove third party blog posts on Blogger, which the data subject believed Google was the controller of as the owner of the blog-hosting platform. The controller selectively removed certain links while retaining others, citing a legitimate public interest in having access to the information that concerned criminal offences, and arguing that deletion of the relevant links was therefore not permissible. According to the controller, this decision aligned with the criteria outlined in the Guidelines of the Article 29 Working Party. Additionally, the controller argued that the data was related to professional activities of the data subject, specifically concerning alleged offences and involvement in scandals related to companies. The controller also asserted that the document produced by the data subject was not related to the aforementioned information and did not prove that the information was inaccurate or outdated. Finally, regarding the blogs which the data subject had requested removal of, the company stated that the service was provided by Google Ireland Ltd., a company based in Ireland, but that neither Google LLC nor Google Ireland were responsible for the personal data that users may post using the Blogger service. In particular, the controller argued that Google Ireland is the hosting pr
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for Google LLC. in GR
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Google LLC. - Greece (2024). Retrieved from cookiefines.eu
Last updated: