Swedish Authority for Privacy Protection (IMY) – Court Ruling (Sweden, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Gothenburg Court of Appeals ruled that Google did not violate the right to erasure under GDPR. This case stemmed from Google's practice of notifying webmasters when search results were removed. The court's decision means Google won't face the proposed fine for this practice.
What happened
Google was accused of violating the right to erasure by informing webmasters when search results were deleted.
Who was affected
Individuals who requested the removal of their personal data from Google's search results.
What the authority found
The Gothenburg Court of Appeals found that Google complied with Article 17 GDPR regarding the right to erasure.
Why this matters
This ruling highlights the complexities of balancing privacy rights with transparency for webmasters. Website operators should be aware that notifying third parties about data removal requests can lead to legal challenges.
GDPR Articles Cited
In March 2020, the Swedish DPA Integritetsskyddsmyndigheten (IMY) fined Google €7,200,000 (SEK 75 million) for violating Article 17 GDPR (the right to erasure). In particular, the IMY considered that Google had violated the right to erasure in connection with two complaints from data subjects (Complaint No. 2 and Complaint No. 8 in the supervisory case), as well as because of its general practice of regularly informing webmasters when search results are being removed. Google appealed that decision before the Stockholm Administrative Court (FiS). In December 2020, the FiS upheld that Google had breached the right to erasure with respect to Complaint No. 2, but found no such breach with respect to Complaint No. 8. In both cases, however, the FiS concluded that Google had acted contrary to data protection law because of its practice of notifying webmasters of deleted search results. The FiS further justified a reduction of the overall fine calculated by IMY for the breaches that were upheld. Google further appealed the FiS decision before the Court of Appeal in Gothenburg. In the context of these appeal proceedings, IMY argued that Google had breached the right to erasure with respect to both Complaint No. 2 and Complaint No. 8, and had also acted contrary to data protection law because of its practice of notifying webmasters of removed search results. IMY wanted the overall fine to be set at €6,300,000 (SEK 66 million). In particular, the proposed fine of €6,300,000 included: * a fine of €96,639 (SEK 1 million) for not respecting the right to erasure with respect to Complaint No. 2; * a fine of €1,448,547 (SEK 15 million) for not respecting the right to erasure with respect to Complaint No. 8; and * a fine of € 4,800,000 (SEK 50 million) for the practice of regularly informing webmasters of deleted search results. = The Gothenburg Court of Appeals partly reversed the findings of the the FiS and found that Google had complied with Article 17 GDPR on the right to
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Swedish Authority for Privacy Protection (IMY) in SE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Swedish Authority for Privacy Protection (IMY) - Sweden (2021). Retrieved from cookiefines.eu
Last updated: