Skip to content Skip to sidebar Skip to footer

Update | Wikipedia must also comply with the GDPR: this has been established by the Italian Data Protection Authority

Does Wikipedia have to comply with the GDPR and privacy rules? The Italian Data Protection Authority (‘Garante‘) recently expressed its views on the concepts of de-indexing and deletion of a news item related to a judicial matter dating back to 2017 published on a webpage of Wikipedia, the well-known online encyclopaedia.

The issue originated from a complaint by an individual who complained about the failure to remove, from the Wikipedia webpage referred to him, a plea bargaining sentence that had seen him charged with the crimes of sexual assault and possession of child pornography.

The complainant, in particular, had sent a request to the Wikimedia Foundation Inc., creator of the encyclopedia (“Foundation”), for access to his personal data and the removal of the biographical article related to him, or alternatively, the adoption of technical measures to deindex the article from search engines based on the assumption that the public had already become aware of the news and that its continued online presence had caused reputational damage to him with repercussions on his family relationships and social life.

The Foundation, despite having promptly contacted the interested party, defended itself by arguing that the GDPR did not apply to the present case since Wikipedia only hosts information entered by the community of volunteers but does not offer a service.

In reality, the Foundation provides, through the Wikipedia site, information services on a wide variety of topics, also aimed at the European market, regardless of the fact that they are free of charge. Therefore, given the Foundation’s intention to also target the European market, the Garante clarified that the Foundation is fully subject to the application of the GDPR, despite not having an establishment in Europe (but having appointed a European representative).

The Garante, in its decision, drew a line between the deletion of the article and its deindexing from search engines.

Indeed, on the one hand, with reference to the deletion, it pointed out that:

  • the data processing was carried out, at the time of the news publication, in the exercise of the right to freedom of expression and was in response to the public’s interest in knowing the facts;
  • retaining the article in the website’s archive serves a legitimate purpose of historical-documentary interest;
  • a website’s archive, like that of an online newspaper, plays a role in reconstructing historical events, especially when they concern people who play a certain role in public life.

As for the request for deindexing, the Garante found the complaint to be justified, giving the Foundation a period of forty days to take steps to make the news item non-searchable online (for example, through the application of the “NOINDEX” metatag), as there are currently no reasons of public interest in the news’s discoverability.

To read the Italian text of the measure, click here.

Leave a comment

La “Certificazione B Corporation” è un marchio che viene concesso in licenza da B Lab, ente privato no profit, alle aziende che, come la nostra, hanno superato con successo il B Impact Assessment (“BIA”) e soddisfano quindi i requisiti richiesti da B Lab in termini di performance sociale e ambientale, responsabilità e trasparenza.

Si specifica che B Lab non è un organismo di valutazione della conformità ai sensi del Regolamento (UE) n. 765/2008 o un organismo di normazione nazionale, europeo o internazionale ai sensi del Regolamento (UE) n. 1025/2012.

I criteri del BIA sono distinti e autonomi rispetto agli standard armonizzati risultanti dalle norme ISO o di altri organismi di normazione e non sono ratificati da parte di istituzioni pubbliche nazionali o europee.

“Certified B Corporation” is a trademark licensed by B Lab, a private non-profit organization, to companies like ours that have successfully completed the B Impact Assessment (“BIA”) and therefore meet the requirements set by B Lab for social and environmental performance,accountability, and transparency.

It is specified that B Lab is not a conformity assessment body as defined by Regulation (EU) no. 765/2008, nor is it a national, European, or international standardization body as per Regulation (UE) no. 1025/2012.

The criteria of the BIA are distinct and independent from the harmonized standards resulting from ISO norms or other standardization bodies, and they are not ratified by national or European public institutions.