2B Advice
TEL: +49 (228) 926165100
Data Privacy Knowledge

Mexico Initiates Sanctions Against Google

Mexican Authority IFAI Initiated Legal Proceeding

by R. Morte

In Europe, the European Court of Justice has forced Google to remove certain terms from search results. Since then, anyone can request the deletion of certain articles from the search index, and Google complies in many cases. The right to be forgotten is occupying Google outside of Europe as well, as shown in a case now in Mexico.

On September 9, 2014, the Mexican data protection authorities, Instituto Federal de Acceso a la Información y protección de Datos (IFAI), received an inquiry from an affected citizen who received no response to his request to Google Mexico for deletion of his personal data. The IFAI initiated a legal proceeding against Google Mexico for the protection of civil rights. The response from Google Mexico was that they do not perform data processing and that the office responsible for such data processing would be Google Inc.

The IFAI did not accept this argument as valid and on January 26, 2015, initiated sanction proceedings against Google Mexico.

The IFAI has raised the following issues in the analysis of the case:

  1. Google Mexico, S. de R.L. de C.V. is a company under Mexican law, and in accordance with the LFPDPPP (Mexican federal data protection law) is therefore the responsible body for data processing in the search engine.
  2. The services of the search engine are specified as the company’s purpose in the company’s articles of association.
  3. Google Mexico, S. de R.L. de C.V. processes personal data if this data is entered into their search engine and indexed.
  4. Google México, S. de R.L. de C.V. could not prove that this data processing was performed by another company.

It seems that the “right to be forgotten” is being asserted outside of Europe more and more, and it is becoming more important for many companies to watch and consider this development. Those who offer or want to offer comparable search services should also adapt to these standards even if the company does not operate the service in Europe.

Similar Blog Posts

Information Needed For Companies for the Whistleblower Directive Information Needed For Companies for the Whistleblower Directive

Initially, the EU Whistleblower Directive was supposed to be effective by December 17, 2021. However, the legislative process failed.

Right of Access by the Data Subject Right of Access by the Data Subject

The right of access, enshrined in Art. 15 of the GDPR, gives data subjects the right to obtain from the controller.

Subject Access Request Automation Subject Access Request Automation

Individuals have the right to access their personal data, commonly referred to as subject access. But can this process be automated?


Blog Categories