Google Will Appeal Latest GDPR FineSweden's Privacy Watchdog Hits Company With $8 Million Penalty
Google will appeal the latest General Data Protection Regulation fine levied against the company. Sweden's Data Protection Authority fined the company 75 million kroner ($7.8 million) for failure to remove search results related to "right-to-be-forgotten" requests under GDPR.
On Wednesday, Sweden's privacy watchdog issued the fine after Google did not properly remove two search result listings. The case stems from an investigation that the agency began in 2017.
Under the EU's right-to-be-forgotten regulation, which was enacted in 2014 and was strengthened with the passage of GDPR in 2018, Google and other search engines are required to hide certain pages from search results if a consumer requests it.
Under GDPR, organizations are required to provide Europeans with a copy of the personal information they store on them upon request. In addition, consumers can request that their personal details be "forgotten," although that right to be forgotten is not absolute, according to the EU law (see: Europe's Strong GDPR Privacy Rules Go Into Full Effect).
When Sweden's Data Protection Authority examined these latest complaints against Google, it found that company did not live up to its obligations under the law. While the original case stems from 2017, a follow-up audit in 2018 by the agency found that the company did not properly removes the links as requested.
"In one of the cases, Google has done a too narrow interpretation of what web addresses needed to be removed from the search result listing. In the second case Google has failed to remove the search result listing without undue delay," according to the report.
The Swedish regulator also criticized Google for its practice of informing the websites' owners that these links were due to be removed, which then allowed the owners to move the information to a different web address, according to the report.
A Google spokesperson told Information Security Media Group Thursday that "we disagree with this decision on principle and plan to appeal."
Over the years, Google has been one of the main targets of these right-to-be-forgotten requests. The company reports that it has been asked to remove about 3 million links since 2014 and has responded to some 900,000 of these requests.
And while the fine from Sweden is relatively small for a company that posted $161 billion in revenue in 2019, Google has been fined by other countries under GDPR. For example, the company is appealing a $57 million fine levied by France's National Data Protection Commission after two advocate groups filed privacy complaints (see: France Hits Google With $57 Million GDPR Fine).
The Swedish Data Protection Authority announcement comes at a time when various U.S. tech companies continue to face increased privacy scrutiny from European regulators for issues ranging from data breaches to data use and transparency.
In February, the Irish Data Protection Commission released its annual report, which shows that the country's privacy watchdog had 21 open GDPR-related inquiries into several of the world's largest technology firms, including Facebook and Twitter as well as Google (see: Irish Privacy Report Gives Glimpse Into GDPR Investigations).