Included in this issue: Google wins landmark right to be forgotten case; ICO open investigation into PM's plans to collect user data on and more...

Google wins landmark right to be forgotten case

The European Court of Justice has ruled that Google does not need to apply the right to be forgotten worldwide, it just has to limit it to European versions of websites.

The ruling stems from a dispute between Google and the French privacy regulator, CNIL, which in 2015 ordered the firm to globally remove search result listings to pages containing damaging or false information about a person. 

In 2016, Google introduced a geo-blocking feature stopping European Users from being able to see delisted links but it abstained from censoring search results for people in other parts of the world. The firm challenged a 100,000 Euro fine CNIL tried to impose. 

Google argued that if the rule were applied outside Europe then it could be abused by authoritarian governments trying to cover up human rights abuses. 

ICO open investigation into PM's plans to collect user data on

The ICO has opened an investigation into the Prime Minister's plans to collect personal user data on the government's public internet service. 

After reports that Boris Johnson asked civil servants to collect "targeted and personalised" user data, the ICO has contacted the government to fully understand its approach to compliance with data protection law. 

Privacy campaigners have raised concerns that collecting user data in this way should not be done without users' knowledge and rigorous checks to ensure data rights are protected. 

ICO issue Swansea based double glazing company with a £150,000 fine and Enforcement Notice

The ICO has fined Superior Style Home Improvements Ltd, a Swansea based double glazing company, £150,000 for making nuisance calls. It has also issued them with an Enforcement Notice to stop making any further calls. 

Over an 11 month period, Superior Style Home Improvements called numerous people whose numbers were registered with the Telephone Preference Service that had not given consent. 

Latest GDPR fines from across Europe

The latest GDPR fines from across Europe include:

  • Hungary – A controller has been fined €15,150 for failing to fulfil its data breach obligations when a flash memory drive with personal data was lost.
  • Belgian – A Belgian retailer requiring consumers to provide their e-identity cards in order to get a store loyalty card has been fined €10,000. The Belgian Authorities found that this practice breached the principle of data minimisation, as the retailer gained access to photos and barcodes linked to the data subject's identification number. 
  • Poland – An online electronics retailer was fined €644,780 for having insufficient security measures in place, leading to a security breach which allowed unauthorised access to the personal data of 2.2m customers.
  • Austria – A company in the medical sector was fined €50,000 for failing to appoint a data protection officer (when this was mandatory for the company) and for failing to provide fair processing information to data subjects.

Key Contacts

Ross McKenzie

Ross McKenzie

Partner, Commercial Services
Aberdeen, UK

View profile
Helena Brown

Helena Brown

Partner, Head of Data
Edinburgh, UK

View profile