The administrative court of Stockholm has rejected Google’s appeal against the decision of the Swedish supervisory authority Datatilsynet (“DPA”) and confirmed that Google had violated the provisions of the EU’s General Data Protection Regulation (“GDPR”).
In 2017, the Swedish DPA completed an inspection on how Google handles data subjects’ right to be forgotten to have their search results removed from Google’s search engine when the results are, incorrect, irrelevant or redundant. Following up the inspection, the DPA ordered Google to delete a number of search results.
In 2018, the DPA carried out another inspection to review whether Google had actually complied with the earlier order. The inspection revealed that Google had not removed two of the search results subject to the order, making a too narrow assessment of which URL’s should be removed and not deleting search results fast enough. In March 2020, the Swedish DPA imposed a fine of 7 million euros against Google for failure to comply the DPA’s order. Google appealed the case to the Stockholm’s administrative court.
In its decision dated 23 November 2020, the administrative court of Stockholm rejected Google’s appeal. However, the court lowered the imposed administrative fine from 75 SEK to 52 million SEK (around 5 million euros).
See the press release by the Administrative court of Stockholm here.