The Spanish Agency for Data Protection (AEPD) has imposed a fine of 10 million euros, the highest to date, for two "very serious" infractions against Google for "giving data to third parties without legitimacy for it and hindering the right suppression of citizens.
The agency reprimands the technology company for not respecting the will of some users that their data cease to be public (the so-called right to be forgotten).
In addition to the economic sanction, the AEPD urges the company to modify the process by which citizens can exercise that right.
The penalty, published today in the
Official State
Gazette (BOE), where all those exceeding one million euros must be recorded, responds to two complaints raised in September and October 2018 and related to the Lumen Project.
This is a database compiled by Harvard University from requests made by citizens who want to exercise their right not to appear on the Internet.
The AEPD understands that, by sending the data of these people to the Harvard list, which ends up being disclosed on the Internet, what Google does "means in practice to frustrate the purpose of exercising the right of suppression".
The regulator also resolves that the technology company must delete all personal data that has been the subject of a request for the right of deletion communicated to the Lumen Project.
It also states that you are obliged to urge the Harvard University project to delete and stop using the personal data that it has transferred to you.
The AEPD points out the cumbersome process that must be followed by those who wish not to appear in the search engine's databases.
“The system designed by Google, which leads the interested party through various pages to complete their request, forcing them to previously mark the options that are offered, can cause them to end up marking an option that suits the reasons they consider appropriate. to your interest, but that separates you from your original intention, which may be clearly linked to the protection of your personal data, unaware that these options place you in a different regulatory regime because Google has wanted it that way, or that your request will be resolved according to the internal policies established by this entity”, explains the resolution.
Asked by this newspaper, a Google spokesman assures that they are "reviewing the decision" and that they will continue to collaborate with the AEPD to examine their actions.
“We always try to find a balance between the right to privacy and our need to be transparent and accountable about our role in moderating online content.
We have already begun to reassess and redesign our data exchange practices with Lumen in light of the considerations of the AEPD”, point out those same sources.
In addition to the fine to Google, today another has been announced to Vodafone, in this case of 3.94 million euros, for not guaranteeing the security of the personal data of its clients.
Last year, the communications company received what was to date the largest fine imposed by the AEPD: eight million for having fraudulently carried out
marketing
and commercial prospecting actions through calls and sending emails.
You can follow
EL PAÍS TECNOLOGÍA
on
and
or sign up here to receive our
weekly newsletter
.