IMY (Sweden) - DI-2022-2351/2372/2373/2374/2375: Difference between revisions
(Created page with "{{DPAdecisionBOX |Jurisdiction=Sweden |DPA-BG-Color= |DPAlogo=LogoSE.png |DPA_Abbrevation=IMY |DPA_With_Country=IMY (Sweden) |Case_Number_Name=DI-2022-2351/2372/2373/2374/23...") |
mNo edit summary |
||
Line 66: | Line 66: | ||
=== Facts === | === Facts === | ||
The Swedish DPA assessed five complaint from data subjects who had requested removal of a search result in accordance with GDPR article 17(1) and 21. All five requests had been denied on the grounds that the contents of the web pages in question were unaccessible to Google due to paywalls, and that Google was therefore unable to assess whether the contents were no longer relevant or inaccurate. | The Swedish DPA assessed five complaint from data subjects who had requested removal of a search result in accordance with [[Article 17 GDPR|GDPR article 17(1)]] and [[Article 21 GDPR|21]]. All five requests had been denied on the grounds that the contents of the web pages in question were unaccessible to Google due to paywalls, and that Google was therefore unable to assess whether the contents were no longer relevant or inaccurate. | ||
Google had | After the complaint were filed, Google had acted on the requests. Nevertheless, the Swedish DPA assessed Google's explanation for refusing the requests in the first place. | ||
=== Holding === | === Holding === | ||
The DPA held that the data subject had | The DPA held that the data subject had exercised their right to object to the processing in accordance with the GDPR. Pursuant to [[Article 17 GDPR|article 17(1)(c)]], the burden of proof for the existence of overriding legitimate grounds for the continued processing is put on the controller and not the data subject. The DPA highlighted that by refusing the requests on the grounds that Google could not access the contents, Google was pushing the burden of proof onto the data subjects. By this logic, the data subjects would have had to gather additional information from the relevant web pages themselves in order for Google to act on the requests. As a result, the data subjects would in practice be forced to pay to be able to exercise their rights. | ||
Against this background, the Swedish DPA reprimanded Google violating the principles of GDPR article 17 and 21. | Against this background, the Swedish DPA reprimanded Google violating the principles of GDPR article 12, 17 and 21. | ||
== Comment == | == Comment == |
Revision as of 13:28, 20 August 2022
IMY - DI-2022-2351/2372/2373/2374/2375 | |
---|---|
Authority: | IMY (Sweden) |
Jurisdiction: | Sweden |
Relevant Law: | Article 12(2) GDPR Article 17(1) GDPR Article 21(1) GDPR |
Type: | Complaint |
Outcome: | Upheld |
Started: | |
Decided: | 26.07.2022 |
Published: | |
Fine: | n/a |
Parties: | Google LLC |
National Case Number/Name: | DI-2022-2351/2372/2373/2374/2375 |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | [[:Category:|]] [[Category:]] |
Original Source: | [ (in )] |
Initial Contributor: | n/a |
Google LLC reprimanded by the Swedish DPA for refusing several requests for removal of search results
English Summary
Facts
The Swedish DPA assessed five complaint from data subjects who had requested removal of a search result in accordance with GDPR article 17(1) and 21. All five requests had been denied on the grounds that the contents of the web pages in question were unaccessible to Google due to paywalls, and that Google was therefore unable to assess whether the contents were no longer relevant or inaccurate.
After the complaint were filed, Google had acted on the requests. Nevertheless, the Swedish DPA assessed Google's explanation for refusing the requests in the first place.
Holding
The DPA held that the data subject had exercised their right to object to the processing in accordance with the GDPR. Pursuant to article 17(1)(c), the burden of proof for the existence of overriding legitimate grounds for the continued processing is put on the controller and not the data subject. The DPA highlighted that by refusing the requests on the grounds that Google could not access the contents, Google was pushing the burden of proof onto the data subjects. By this logic, the data subjects would have had to gather additional information from the relevant web pages themselves in order for Google to act on the requests. As a result, the data subjects would in practice be forced to pay to be able to exercise their rights.
Against this background, the Swedish DPA reprimanded Google violating the principles of GDPR article 12, 17 and 21.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the original. Please refer to the original for more details.
Now it is possible to blow the whistle to IMY The Privacy Protection Agency (IMY) is one of the authorities that, according to the so-called whistleblower act, must have an external reporting channel for whistleblowing. From now on, it is possible to blow the whistle to IMY if you have information that the person you work for, have worked for, or are looking for work with does not comply with the data protection rules.