Skip to main content

600.000 EUR fine to Google Belgium for misapplying the right to be forgotten

|

The right to be forgotten is one of the more complex rights in the GDPR, requiring a careful balancing of principles and interests. In a recent case before the Belgian data protection authority, Google Belgium was accused of interpreting the right too narrowly. The authority agreed, and imposed a significant fine.

The Belgian data protection authority recently examined a case where a citizen complained about a decision by Google, in which Google denied the citizen's invocation of their right to be forgotten. As is typical of such cases, the citizen argued that Google's search engine referenced search results which were dated and no longer relevant, and which were disproportionately harmful to their interests.

The right to be forgotten is one of the more complex rights in the GDPR, requiring a careful balancing of principles and interests. The nature of the data being targeted matters, as does the degree of harm to the data subject, and their personal status: public figures are generally required to bear a broader burden in relation to publications affecting them privately.

This particular case related to a citizen holding a public but non-political office, who used to have an affiliation with a political party. Since these affiliations were publicly known and published in the press (including online), searches for the citizen's name still clearly indicated their past political affiliation. In addition, the citizen had in the past faced legal proceedings for harassment, but this complaint had been dismissed. The complaint still appeared in search results as well. The citizen argued that, since these issues were both a matter of the past, it was no longer reasonable and indeed actively harmful to link them to such articles. Google declined to remove both categories of links.

The authority ultimately sided with the citizen, but only in relation to the harassment complaint. Given the public office held by the citizen, the authority ruled that their past political affiliation was still relevant as being a matter of public interest. The continued linking to the dismissed legal complaint however was deemed to be unlawful, and Google's refusal to suppress these links were deemed a clear violation of the GDPR, given that Google was aware of the dismissal. The authority therefore imposed a 600.000 EUR fine - the highest Belgian fine to date.

The case is highly interesting on two counts. Firstly, it shows the great importance (and arguably unpredictability) of factual assessment in such proceedings: political affiliation was deemed sufficiently relevant to be maintained, dismissed legal complaints were not. The decision might have been very different if the citizen was running for an electable office, and likely also if the complaints had not been dismissed. Search engines are required to engage in a careful balancing act in such matters.

Secondly, the case is relevant because of the relative magnitude of the fine: 600.000 EUR is the highest fine imposed in Belgium thus far, and also a very significant sum for what is ultimately a reasonable disagreement on the outcome of a balancing exercise. However, the Belgian data protection authority continued its reasoning as also set out in prior discussions, taking the turnover of the data controller and its mother company Google Inc (slightly over 161 billion USD) into account as a key yardstick for establishing a fine. Based on that logic and Google's financial position, it qualified the fine as reasonable and proportionate.

https://www.gegevensbeschermingsautoriteit.be/publications/beslissing-ten-gronde-nr.-37-2020.pdf

 

Article provided by: Hans Graux (Time.lex, Belgium)

 

 

Discover more about INPLP, the INPLP-Members and the GDPR-FINE database

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

VIEW STREAM

About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.

{$page.footerData}