News & Views

Google Fined SEK 75 Million by the Swedish DPA for Breach of the GDPR’s ‘Right to Be Forgotten’

12 March 2020

The Swedish Data Protection Authority (DPA) has imposed an administrative fine of SEK 75 million (approx. EUR 7 million) on Google for a breach of the General Data Protection Regulation (GDPR). The administrative fine was imposed because Google, according to the Swedish DPA, has failed to fulfil individuals’ requests to be delisted from Google’s search engine, i.e. ‘the right to be forgotten’.

In 2017, the Swedish DPA conducted an audit regarding Google’s compliance with the right to be forgotten. Following the audit, the Swedish DPA ordered Google to delist a number of search results. In a follow-up audit now completed, the Swedish DPA found that Google has not fully complied with the order made in 2017. For example, according to the DPA, Google has implemented measures under which a site owner is notified of a request in a way that allows the site owner to republish delisted information at another web address that is then be displayed in the Google search results. This process could result in individuals refraining from exercising their right to request delisting, thereby undermining the effectiveness of this right.

For more information, read the full press release here.