argomento: News del mese - Diritto Internazionale e Comunitario

Articoli Correlati: Spain - sanction to google - violation of GDPR

The Spanish Data Protection Authority (AEPD) issued a decision fining Google LLC for breaching the E.U.’s General Data Protection Regulation (GDPR) by illegitimately transferring personal data of European citizens to third parties and for hindering the exercise of the right to erasure. It was after anonymous individuals filed various complaints against the big-tech company alluding the inadequate processing of personal data obtained from a particular form which had to be completed by the users who wanted to require the removal of a certain content in Google in exercise of their erasure rights. This form had to be filled out with their personal information such as names, last names, nationality, email address, etc. The conflicted processing was not the information collection, but its transfer to the "Lumen Project", a third-party company that received access to the users' removal requests, processed and even published them as a way of managing such claims and removing the content when appropriate. Google was justifying the processing through the maintaining of transparency of the content removal claims to protect other's rights such as intellectual property, trademarks, right to honor, rights of defense, etc. AEPD concluded that Google violated the GDPR, specifically articles 6 (lack of lawfulness) and article 17 (right to erasure and to be forgotten), condemning them to pay in total a 10 million euros fine. The imposition of this penalty was not undeliberate, the AEPD considered some facts to impose this administrative fine, such as the nature, gravity and duration of the infringement, the intentionality or negligence of the controller, whether there is a use of sensible data, the entailment between the use of data and the controller’s activity and the responsibility degree of the controller and the measures they applied.