The ADP has sanctioned Google Belgium with a fine for 600.000 euros for the non-observance to the right to be forgotten by a citizen, after that Google has refused his request to declare obsolete articles harmful for his reputation. This is the highest sanction imposed by APS.
Request of Net pages distinction from Google Belgium.

The complainant, who was a public figure in Belgium, asked Google Belgium a deletion request in order to delete the search result into the research engine on his behalf (the so-called dereferencing) . Some of these dereferenciated parts talk about politics, and another part about harassment that were denounced unfounded a few years before. Google has decided to not underestimate any of these pages.

Right to be forgotten.

Talking about page concern politics, the DPA Litigation Chamber has considered that, in view of the complainant’s role in public life, it was better to maintain its reference for the public interest and so agreed with Google.

On the other hand, talking about pages related to claims against the complainant, the APD has thought that the dereference request has been found on Google breach. Because in fact, even if it is not sure, these facts can have a negative impact on the complainant, right and interest of the data subject must prevail. According to the Litigation Chamber, Google was particularly careless, because the society had irrelevant proofs and not updated facts.

Hielke Hojmans, the Litigation Chamber President: “Into the right to be forgotten, we need to find a balance between, one hand the public right to have access to information, and from the other one data subject interests. If some mentioned articles by the complainant can be considered necessary to the right to be informed, related to unfounded harassments about ten years ago, they must be forgotten.
Keeping connection using the research engine, widely used by users, can cause serious damages to the complainant’s reputation, Google has shown a clear carelessness.”

Sanction: fine of 600.000 euros.

The APD has sanctioned Google for 600.000 euros for not having differentiated the page with obsolete claims of the complainant, for the lack of information given to the complainant in order to justify also the rejection of the discretion for the lack of transparency.

It has ordered Google to stop the reference into the interested pages in the EEA and to adopt its dereference request forms in order to provide more clearness in relation to which entities are responsible for this data process.

This sanction imposed to Google is the highest decided by APS. Till today, the highest sanction by the Litigation Chamber was
about 50.000 euros.

Hielke Hijmans adds: “This is a historical decision for personal data protection in Belgium, not only for the fine amount but also because it guarantees the complete and efficient protection of the citizen inside the files related to big international groups like Google, which structures is too complex.”

The APS jurisdiction towards Google Belgium,

In this case, Google has argued that the claim can be based on how it was proposed against Google Belgium, instead of the controller is not the subsidiary Belgium of Google, but the LLC Google, with registered offices in California.

The Litigation Chamber has not approved this argument. According to it, the Google Belgium and LCC Google activities are inseparably connected, and the Belgium subsidiary can be responsible.

This is fundamental in order to guarantee an efficient and complete protection of the GDPR, because it is not easy for a National Authority to exercise an efficient control in Europe and impose sanctions against a USA society.

The Litigation Chamber, anyway, has following the Google argumentation, under which its principal headquarters in Europe (Google Ireland) is not responsible for the dereferention.

David Stevens, President of the APS: “This decision is not only important for our Belgian citizens, but is also proof of our ambition to better protect privacy” online “in collaboration with our European counterparts, which calls for concrete action against actors active around the world. In this way, we want to actively contribute to the development of a true culture of data protection at European level. ”