The Spanish Agency for Data Protection has issued a resolution fining Google 10 million euros and Vodafone Spain 3.94 million for breaching the General Data Protection Regulation (RGPD).

The RGPD is the European regulation related to the protection of natural persons with regard to the processing of their personal data and the free circulation thereof.

According to the resolution of the Spanish body, published this Wednesday in the Official State Gazette (BOE) and dated May 9, the sanction imposed on Google is due to the breach of article 6 and article 17 of the RGPD, in which regulate the legality of data processing and the ‘right to be forgotten’, respectively.

For its part, Vodafone Spain has been fined almost 4 million euros for violating part of article 5 of the Regulation, which regulates the guarantees for the confidentiality and integrity of personal data.

By virtue of the Organic Law on Data Protection and guarantee of digital rights, the Spanish Data Protection Agency is obliged to publish these sanctions in the BOE when they affect legal persons and their amount exceeds one million euros.

A Google spokesperson has told Europa Press that the company is reviewing the decision and will continue to interact with privacy regulators to reassess the company’s practices.

“We always try to find a balance between the right to privacy and our need to be transparent and accountable about our role in moderating online content. We have already begun to reassess and redesign our data sharing practices with Lumen in light of the AEPD’s considerations,” the spokesperson said.

Lumen is a Harvard University project that seeks to help researchers and the public understand takedown requests for online content.