AEPD (Spain) - EXP202202000: Difference between revisions
No edit summary |
No edit summary |
||
| Line 63: | Line 63: | ||
}} | }} | ||
The Spanish DPA held that Google LLC | The Spanish DPA held that Google LLC was under a legal obligation to preserve search results relating to an employee selection process at a public body and rightfully rejected a data subject's request to de-index the search results relating to their name. | ||
== English Summary == | == English Summary == | ||
=== Facts === | === Facts === | ||
The data subject exercised their right to erasure by requesting Google LLC (''controller'') to | The data subject exercised their right to erasure by requesting Google LLC (''controller'') to de-index search results of four URLs that contained their personal data. The controller rejected this request twice. The data subject then filed a complaint with the Spanish DPA. During the investigation, the controller reconsidered and removed two of the four URLs. The two remaining URLs concerned an employee selection process at the State General Administrative Body. A provisional list of candidates and assessments were published in relation to the selection process. | ||
The | The controller stated that the two remaining URLs refer to information that is of public interest. It argued that institutional websites play an important role in keeping citizens informed on matters of interest to them. The information there should therefore be accessible without restrictions. The controller argued that the CJEU had held that search results should only be de-indexed after a balancing test of the rights at stake, namely the right to be forgotten and freedom of information. The right to be forgotten cannot imply a retrospective censorship of information correctly published at the time. | ||
The | === Holding === | ||
The DPA noted that under [[Article 17 GDPR#3b|Article 17(3)(b) GDPR]], personal data shall not be erased if their processing is necessary to comply with a legal obligation imposed by Union or Member State law. Pursuant to domestic Law 39/2015 on administrative procedures, administrative acts shall be published (1) if this is laid down in the rules of procedure or (2) when the competent body deems it appropriate due to reasons of public interest.<ref>Law 39/2015, of 1 October, on the Common Administrative Procedure of Administrations.</ref> | |||
The DPA held that the accessibility of publications on the website of a public institution guarantees legal certainty and administrative transparency. Therefore, it may be in the public interest to keep the URLs. Thus, the balance that Google LLC struck in its decision to reject the de-indexing requests was permissible. | |||
The DPA dismissed the data subject's claim with respect to the two remaining URLs. | The DPA consequently dismissed the data subject's claim with respect to the two remaining URLs. | ||
== Comment == | == Comment == | ||
Revision as of 15:40, 7 September 2022
| AEPD - PD-00081-2022 | |
|---|---|
 | |
| Authority: | AEPD (Spain) |
| Jurisdiction: | Spain |
| Relevant Law: | Article 17 GDPR Article 17(3)(b) GDPR |
| Type: | Complaint |
| Outcome: | Rejected |
| Started: | 02.02.2022 |
| Decided: | 16.08.2022 |
| Published: | 16.08.2022 |
| Fine: | n/a |
| Parties: | Google LLC |
| National Case Number/Name: | PD-00081-2022 |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language(s): | Spanish |
| Original Source: | AEPD (in ES) |
| Initial Contributor: | PL |
The Spanish DPA held that Google LLC was under a legal obligation to preserve search results relating to an employee selection process at a public body and rightfully rejected a data subject's request to de-index the search results relating to their name.
English Summary
Facts
The data subject exercised their right to erasure by requesting Google LLC (controller) to de-index search results of four URLs that contained their personal data. The controller rejected this request twice. The data subject then filed a complaint with the Spanish DPA. During the investigation, the controller reconsidered and removed two of the four URLs. The two remaining URLs concerned an employee selection process at the State General Administrative Body. A provisional list of candidates and assessments were published in relation to the selection process.
The controller stated that the two remaining URLs refer to information that is of public interest. It argued that institutional websites play an important role in keeping citizens informed on matters of interest to them. The information there should therefore be accessible without restrictions. The controller argued that the CJEU had held that search results should only be de-indexed after a balancing test of the rights at stake, namely the right to be forgotten and freedom of information. The right to be forgotten cannot imply a retrospective censorship of information correctly published at the time.
Holding
The DPA noted that under Article 17(3)(b) GDPR, personal data shall not be erased if their processing is necessary to comply with a legal obligation imposed by Union or Member State law. Pursuant to domestic Law 39/2015 on administrative procedures, administrative acts shall be published (1) if this is laid down in the rules of procedure or (2) when the competent body deems it appropriate due to reasons of public interest.[1]
The DPA held that the accessibility of publications on the website of a public institution guarantees legal certainty and administrative transparency. Therefore, it may be in the public interest to keep the URLs. Thus, the balance that Google LLC struck in its decision to reject the de-indexing requests was permissible.
The DPA consequently dismissed the data subject's claim with respect to the two remaining URLs.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.
(June 28, 2022). The director of the Spanish Agency for Data Protection (AEPD), Mar España Martí, and the president of UNICEF Spain, Gustavo Suárez Pertierra, have signed a General Protocol of Action for the development of actions aimed at the protection of...
- ↑ Law 39/2015, of 1 October, on the Common Administrative Procedure of Administrations.
