Google to Pay Millions for Violating the Right to be Forgotten in Sweden. The Swedish data protection authority imposed a fine totaling 7 million Euros on Google for violating the right to be forgotten under the General Data Protection Regulation (the "GDPR").

In an audit conducted by the regulator in 2017, it found that Google did not properly comply with individuals' right to be forgotten from the search engines, and ordered Google to comply. In 2018, after receiving indications that Google had not fully complied with the previously issued order, the regulator initiated a follow-up audit. It found that Google did not properly remove two of the search result listings that the regulator ordered in 2017.

Google also notified the website operators when it removed their search result. It had disclosed information about who submitted the request to be forgotten. This enabled the website operator to republish the content in question on a different web address.

The regulator found that Google lacked a legal basis to provide such notification to website operators and that this practice undermines the effectiveness of the right to be forgotten.

CLICK HERE to read the Swedish Data Protection Authority's decision (in Swedish).

Polish Regulator Penalizes a School for Processing Biometric Data of Children. The Personal Data Protection Office in Poland imposed a $5,000 fine on a local school for using biometric identification as a means for children to use the school's canteen. It also ordered the destruction of the data collected.

The school has been using a biometric reader at the entrance to the school canteen to identify the children and verify the payment. The school obtained the consent of the children's legal guardians for such processing and allowed to use the school's canteen by alternative means of identification. However, the regulator found that the school would send students without biometric identification to wait at the end of the line until all students with biometric identification entered the canteen. According to the regulator, this practice favors students with biometric identification and introduces unequal treatment of students and their unjustified differentiation.

CLICK HERE to read the Polish Data Protection Authority's decision (in Polish).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.