#GDPR – Belgian Data Protection Authority fines Google €600,000
The Belgian Data Protection Authority has fined Google €600,000 for failure to comply with the ‘right to be forgotten’. Google rejected a request from a Belgian citizen to have obsolete and damaging search results removed from the site’s search results. The fine is the highest fine ever imposed by the Belgian authority.
The complainant, who plays a role in public life, asked Google Belgium to remove the search results linked to his name from their search engine. Some of the pages he wanted to be removed from the search results concern possible links to a political party that he refutes, and the second concerns harassment that was declared unfounded many years ago. Google decided not to remove any of the affected pages from the search results.
Right to be forgotten
The data protection authority found in Google’s favour concerning the complainant’s possible links to a political party, given his role in public life, but found that Google should have removed those results linked to unfound harassment.
Hielke Hijmans, Chairman of the Disputes Chamber: “The right to be forgotten must strike the right balance between the public’s right of access to information on the one hand and the data subject’s rights and interests, on the other hand. Articles may be considered necessary for the right to information, while others, which relate to unproven harassment should be forgotten, as it could significantly damage the complainant’s reputation for the internet user through their commonly used search engine, Google has clearly shown negligence.”
Hielke Hijmans continues: “This decision is historic for the protection of personal data in Belgium, not only because of the amount, but also because it ensures that the full and effective protection of the citizen is maintained in files of large international groups, such as Google, of which the structure is very complex.”
In this case, Google argued that the complaint was unfounded because it was brought against Google Belgium, while the controller is not Google’s Belgian subsidiary, but Google LLC, which is based in California.
The authority did not accept this argument. In its view, the activities of Google Belgium and Google LLC are inextricably linked and the Belgian subsidiary can therefore be held liable.
This is critical to ensure effective and comprehensive protection of the GDPR as it is not easy for a national authority in Europe to effectively control and sanction a company based in the United States.
However, the Disputes Chamber has followed Google’s argument that its main office in Europe (Google Ireland) is not responsible for the removal from the search results.
Comments
Category: A Frontpage, Economy, EU, European Commission
