IMY (Sweden) - DI-2022-2351/2372/2373/2374/2375: Difference between revisions
No edit summary |
No edit summary |
||
Line 76: | Line 76: | ||
== Comment == | == Comment == | ||
'' | ''The uploaded decision is one of five nearly identical decisions issued by the Swedish DPA on this matter.'' | ||
== Further Resources == | == Further Resources == | ||
Line 82: | Line 82: | ||
== English Machine Translation of the Decision == | == English Machine Translation of the Decision == | ||
Revision as of 09:26, 25 August 2022
IMY - DI-2022-2351/2372/2373/2374/2375 | |
---|---|
Authority: | IMY (Sweden) |
Jurisdiction: | Sweden |
Relevant Law: | Article 12(2) GDPR Article 17(1) GDPR Article 21(1) GDPR |
Type: | Complaint |
Outcome: | Upheld |
Started: | |
Decided: | 26.07.2022 |
Published: | |
Fine: | n/a |
Parties: | Google LLC |
National Case Number/Name: | DI-2022-2351/2372/2373/2374/2375 |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | Swedish |
Original Source: | Decision (in SE) |
Initial Contributor: | n/a |
The Swedish DPA reprimanded Google LLC for refusing several requests for search results' removal under Article 17(1) and 21 GDPR. The DPA held that Google could not refuse to assess the continuing relevance and accuracy of the concerned web pages' contents just because they were behind a paywall.
English Summary
Facts
The Swedish DPA assessed five complaints from data subjects who had requested removal of search results in accordance with Article 17(1) and 21 GDPR. All five requests had been denied on the ground that the contents of the web pages in question were inaccessible to Google due to paywalls, and that Google was therefore unable to assess whether the contents were no longer relevant or inaccurate.
After the complaints were filed, Google acted on the requests. Nevertheless, the Swedish DPA assessed Google's explanation for refusing the requests in the first place.
Holding
The DPA held that the data subject had exercised their right to object to the processing in accordance with the GDPR. Pursuant to Article 17(1)(c) GDPR, the burden of proof for the existence of overriding legitimate grounds for the continued processing is on the controller and not the data subject. The DPA highlighted that by denying the requests due to Google's alleged inability to access the contents of the relevant web pages, Google was placing the burden of proof on the data subjects. By this logic, the data subjects would have had to gather additional information from the relevant web pages themselves in order for Google to act on the requests. As a result, the data subjects would in practice be forced to pay to be able to exercise their rights.
Against this background, the Swedish DPA reprimanded Google for violating Articles 12, 17 and 21 GDPR.
Comment
The uploaded decision is one of five nearly identical decisions issued by the Swedish DPA on this matter.
Further Resources
Share blogs or news articles here!