Google must remove search data if proven inaccurate, EU court says

8 Dec 2022

Image: © wolterke/Stock.adobe.com

The EU’s Court of Justice ruled in favour of the right to be forgotten, while WhatsApp’s challenge to a decision that led to a €225m fine was dismissed.

The EU’s top court has ruled that Google must remove data from search results if a user can prove that it’s inaccurate.

The ruling was made in a recent case that was connected to the right to be forgotten, which gives individuals the right to have their data erased by data controllers under specific grounds.

The case concerned two executives from a group of investment companies who asked Google to remove search results linking them to articles. These articles criticised the group’s investment model and allegedly had “inaccurate claims”.

Google had previously refused to comply with the request, stating that it was unaware whether the information contained in those articles was accurate or not. The company had also been asked to remove photos of the executives from search results.

The case was brought before the Court of Justice of the European Union (CJEU), which ruled that service providers must “de-reference information” if a person making the request can prove the information is “manifestly inaccurate”.

Ross McKenzie, data protection partner at law firm Addleshaw Goddard, said the result is “unsurprising” due to earlier case law.

“The EU has been taking an increasingly proactive approach in forcing online service providers to take more responsibility for the information they host,” McKenzie said. “The impact of sharing misinformation can have significant consequences for individuals. Service providers will need to continue their efforts in ensuring they police the content they serve.”

In 2019, Google won a case against a French regulator that wanted the search engine to delist links about EU citizens across all its sites globally.

WhatsApp loses appeal

Meanwhile, the CJEU also dismissed an appeal by WhatsApp on a decision issued by the EU’s key GDPR watchdog, which led to a massive €225m fine for the messaging service.

The fine related to possible breaches in data and transparency regulations being committed by WhatsApp. Ireland’s Data Protection Commission had issued a draft decision to other supervisory authorities within Europe but eight of these rejected aspects of the draft.

This forced the European Data Protection Board (EDPB) to issue a binding decision on 28 July 2021, which led to the DPC issuing the €225m fine.

WhatsApp challenged that decision before an Irish court and also appealed to the CJEU annul the EDPB’s ruling. However, the EU court ruled that WhatsApp’s action was “inadmissible”.

The CJEU noted in the ruling that the decision by the GDPR watchdog could be challenged before a national court.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com