Swedish Data Protection agency fined Google for failing to fully comply with search result removal request
Clashes with data protection forced the Swedish data protection authority to hit Google this week with a 75 million krona fine (£6.1 million). After monitoring Google, the Swedish DPA found that Google didn't fully comply with their orders when they remove a search result listing on a right to be forgotten application request.
After an individual made a right to be forgotten submission which was refused by Google, the data protection authority ordered Google to take action and remove the offending links.
Instead of complying with the the data protection authority, Google agreed to remove a URL link from its search results but then it notified the website operator who in turn, placed the same content under a different URL. Google then allowed the new URL to be found on the search result.
The data protection regulator found this practice to be unlawful because it meant that many articles that Google delisted from its searches, simply reappear under a different URL. It meant that the data that google was asked to remove became very shortly after its removal, accessible via Google Search results.
Following three years of audits by the Swedish DPA, on how Google handled right to be forgotten requests, it discovered that the way in which the website owner was notified of the delisting request, could have resulted in website operators refraining from exercising the request to delist. This undermined the effectiveness of the right to be forgotten process.
The practice, in essence, put the right to delist out of effect. For this reason, the Swedish DPA had also issued a cease and desist order against informing website operators when a right to be forgotten request had been submitted to Google.
Google said it would appeal.