Google was fined by the AEPD and ordered to come into compliance after GDPR violations relating to Lumen Project data transfers.
The AEPD has issued a decision in the case against Google LLC, which states that the company has committed two very serious GDPR violations. The Spanish Data Protection Agency decided to impose a fine of 10 million euros on Google LLC, for sharing data with third parties without a legal basis to do so, and for infringing upon citizens’ right to erasure. This case concerned the transfer of requests regarding the removal of content from Google’s various products and platforms, such as Google search and YouTube, to a third party, called the ‘Lumen Project’.
User data was being unlawfully transferred to a third party, the Lumen Project, when customers requested that their data be erased.
As a result of this infringement, Google was fined and ordered to come into compliance.
The AEPD explained in its decision that, once the request for removal of content has been submitted and the right has been met, meaning the deletion of personal data has been agreed upon, “there is no possibility of subsequent processing of the same, as is the communication that Google LLC makes to the Lumen Project. Google was hit with a fine for €10 million for the two infractions and is also expected to delete all the personal data that has been the subject of a request for the right to erasure, which was transferred to the Lumen Project. The company is also expected to urge the Lumen Project to delete, and cease the use of, the personal data that it has received.
Does your company have all of the mandated safeguards in place to ensure the safety of the personal data you collect or process? Aphaia can help. Aphaia also provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.