Spain: AEPD fines Google LLC for data sharing with Lumen project

On 18 May 2022, the Spanish Agency for Data Protection (AEPD) fined Google LLC EUR 10 million for violating the General Data Protection Regulation (articles 6 and 17) by giving data to third parties without user consent and hindering users from the right of deletion. The fine related to the practice of Google providing data to the "Lumen project", a public database on content moderation decisions. Google provided the Lumen project with data on users requesting the removal of content, including their identification, email, reasons for the removal and URL to the content. The AEPD argued that users were not provided with the option to refuse their data being shared with the Lumen database since this occurred automatically, meaning users did not explicitly consent to the data sharing. Furthermore the AEPD explained that users have no control over the deletion of their data on the Lumen database.