Deputy Data Protection Ombudsman ordered Google to delete search results
The Deputy Data Protection Ombudsman has issued four orders to Google for the deletion of search result links. The individuals who filed a complaint with the Office of the Data Protection Ombudsman had requested the deletion of the search result links from searches made with their names, but Google had refused to delete the links.
The Deputy Data Protection Ombudsman issued two orders to Google for removing search result links referring to individuals who had been convicted of a criminal offence. In one of the cases, a search with the individual’s name revealed their personal identity code, while the other contained a sensitive photograph including nudity. The Deputy Data Protection Ombudsman considered such information to fall within the scope of the protection of privacy, even if the individual in question had been convicted of a crime.
The Deputy Data Protection Ombudsman also ordered the removal of search result links concerning a person accused of a crime. The individual had since been acquitted.
In addition, the Deputy Data Protection Ombudsman ordered the deletion of search result links referring to a person who had issued statements as a representative of the individual’s former employer. The individual had served as a PR officer and was not in a managerial position in the company. In her consideration of the matter, the Deputy Data Protection Ombudsman took into account the fact that the search results caused damage to the individual’s reputation and private life.
The Deputy Data Protection Ombudsman issued decisions in a total of nine cases, seven of which involved applicants convicted of criminal offences. The Deputy Data Protection Ombudsman did not order the search result links to be deleted in five of the cases. In her consideration of the matter, the Deputy Data Protection Ombudsman took into account considerations such as the time that had passed from the offence.
Right to erasure during the validity of the EU General Data Protection Regulation
The decisions made by the Deputy Data Protection Ombudsman are the first decisions on the deletion of search results issued in Finland during the validity of the General Data Protection Regulation. The decisions are in line with the Data Protection Ombudsman’s prior practice under the Personal Data Act.
The GDPR gives data subjects the right to erasure of their personal data in certain situations. A consideration of the deletion of search result links involves questions such as whether the data in question is sensitive or whether the individual holds a public position.
Search engine administrators can be asked to delete search result links
Search engine administrators can be asked to delete search results, for example with an electronic form. The administrator can only be asked to delete links resulting from a search made with the individual’s own name. The search engine administrator is required to respond to the request within one month. If the requests are numerous or complex, the search engine administrator can reply that it needs more time for their processing. In such cases, the deadline is extended to three months from the date of the original request.
If the search engine administrator refuses to delete the search results, and the applicant considers the refusal to be unjustified, the applicant can ask the Data Protection Ombudsman to investigate the matter.
The Deputy Data Protection Ombudsman’s decisions can be appealed in the administrative courts.
FAQ on deleting search result links
Summaries of decisions in Finlex (in Finnish)
More information:
Deputy Data Protection Ombudsman Anu Talus, anu.talus(at)om.fi