Issue with how Google Search displays my personal data

Gemini API
1

This post does not contain hateful or abusive content. I am reporting a data‑protection issue because Google Search displays my personal data to others. I have the right to describe how my own personal data is being processed. Removing such a report as “offensive” is unjustified

FireShot Capture 009 - bitu79 istókovics györgy ki - Google-keresés - www.google.com
FireShot Capture 009 - bitu79 istókovics györgy ki - Google-keresés - www.google.com1920×3182 663 KB

FireShot Capture 010 - bitu79 istókovics györgy ki - Google-keresés - www.google.com
FireShot Capture 010 - bitu79 istókovics györgy ki - Google-keresés - www.google.com1920×3182 686 KB

FireShot Capture 011 - The AI-generated overview does not merely display public informatio_ - discuss.ai.google.dev
FireShot Capture 011 - The AI-generated overview does not merely display public informatio_ - discuss.ai.google.dev1920×7393 1.54 MB

FireShot Capture 013 - Complaint regarding unlawful personal data processing and automated_ - mail.google.com
FireShot Capture 013 - Complaint regarding unlawful personal data processing and automated_ - mail.google.com1608×9936 1.7 MB

FireShot Capture 014 - Flagged post removed by staff - Google AI Developers Forum_ - discuss.ai.google.dev
FireShot Capture 014 - Flagged post removed by staff - Google AI Developers Forum_ - discuss.ai.google.dev676×5129 1.25 MB

The AI overview does not merely display public information; it automatically analyzes,
interprets, summarizes, and cross‑links personal data about me, thereby generating new
personal data. This constitutes an independent data‑processing operation under the GDPR,
for which Google has no legal basis. Public availability of data does not authorize
automated analysis, profiling, or inference.

Under GDPR Article 4(2) — official EU source:
https://eur-lex.europa.eu/eli/reg/2016/679/oj#d1e1888-1-1 — “processing” means any
operation performed on personal data, automated or not, including collection, recording,
organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure, or destruction. Automated analysis, interpretation,
summarization, linking, or generating new information from personal data also qualifies as
processing, even if the original data was publicly available. Displaying information is not
the same as processing it; automated analysis and inference always require a valid legal
basis.

The system repeatedly performs:

-- Cross‑platform identity aggregation
– Automatic linking of usernames to real‑world identity
– Compilation of activity from unrelated forums
– Presentation of these inferences as factual statements
– No consent, no opt‑out, no transparency

This is not a hallucination.
It is a reproducible pattern across multiple queries.

This raises several issues:

  1. Unauthorized personal data processing
  2. Profiling without consent
  3. Cross‑platform identity correlation
  4. Opaque data sources and inference mechanisms
  5. No mechanism to request correction or deletion
  6. No transparency regarding how identity inferences are generated

This is a systemic integrity and data‑protection problem, not an isolated output.

I request clarification on:

-- Why the system links usernames to real identities
– What data sources are used for these inferences
– Whether this behavior is intentional or emergent
– How users can request removal of unauthorized identity associations
– How this complies with GDPR Articles 5, 6, 12, 14, and 22

This constitutes a data‑protection incident requiring a mandatory, human and substantive
response from the Google AI team.

This post does not contain hateful or abusive content. I am reporting a personal‑data misuse issue, and the attached video is evidence. The video shows Google removing my previous report, the DPC notification, and the reuploaded post. This is factual documentation of how my personal data is being handled, and it is not a violation of any community guideline.

Corrected AI Summary this post

This is the corrected AI summary for this post.
It accurately describes the issue as personal‑data misuse, not “offensive content.”

Bitu79 reports a case of personal data misuse by Google Search’s AI Overview.
They document that the AI processes, analyzes, and publicly displays their personal data without consent, without a legal basis, and without any opt‑out mechanism, which constitutes unlawful personal‑data processing under GDPR.
The system links usernames to real identities, aggregates activity across platforms, and generates new personal data about the user.
Bitu79 provides video evidence showing Google deleting their previous report and the DPC notification.
This is a reproducible data‑protection incident requiring a mandatory human response.

I have also contacted the Hagens Berman legal team (tipline@hbsslaw.com) because Google is arbitrarily removing evidence and suppressing my reports.
All of my documented posts can be found here:

-- Deletion contradictions:
https://discuss.ai.google.dev/t/statement-on-the-contradiction-between-google-s-deletion-promises-and-the-actual-technical-behavior-of-the-gemini-system/143831

-- Video proof of ghost sessions:
https://discuss.ai.google.dev/t/deleted-chats-in-google-ai-studio-remain-fully-accessible-and-functional-for-32-days-video-proof-no-actual-deletion-happening/143400

-- Cross‑tenant data exposure:
https://discuss.ai.google.dev/t/cross-tenant-data-exposure-in-google-ai-studio-deleted-prompt-persisted-re-indexed-and-replicated-into-a-different-account/144227

-- Forced AI integration in Search:
https://discuss.ai.google.dev/t/google-s-experimental-ai-claim-is-false-search-has-been-ai-integrated-for-years/144798

-- Ignored GDPR requests:
https://discuss.ai.google.dev/t/evidence-of-google-ai-studio-data-retention-and-deletion-failure-gdpr-relevant-do-not-remove/144368

Current post (Google Search personal‑data issue):
https://discuss.ai.google.dev/t/issue-with-how-google-search-displays-my-personal-data/145329

Hagens Berman legal team (tipline@hbsslaw.com) Internet Archive backup:

2

Google Search AI – Unlawful Profiling and Cross‑Platform Personal Data Linking (New Evidence)

GDPR terms that describe what happened (with official links)

1. Profiling
Automated processing that evaluates or predicts personal aspects about a person.
Official text:
https://eur-lex.europa.eu/eli/reg/2016/679/art_4/par_4/oj

2. Automated decision‑making
When an AI system generates outcomes about a person without human involvement.
Official text:
https://eur-lex.europa.eu/eli/reg/2016/679/art_22/oj

3. Unlawful processing
Processing personal data without a valid legal basis.
Official text:
https://eur-lex.europa.eu/eli/reg/2016/679/art_6/oj

4. Data combination / identity linking
Combining data from multiple sources for a new purpose without consent.
Official text:
https://eur-lex.europa.eu/eli/reg/2016/679/art_5/oj

5. Inference of new personal data (AI‑generated personal data)
AI‑generated conclusions about a person count as new personal data under GDPR.
Your requested link:
https://www.edpb.europa.eu/system/files/2024-12/edpb_guidelines_202402_article48_en.pdf

6. Lack of transparency
The system must tell you what data it uses and why.
Official text:
https://eur-lex.europa.eu/eli/reg/2016/679/art_13/oj

7. Data protection by design failure
If an AI system exposes or links personal data by default, it violates Article 25.
Official text:
https://eur-lex.europa.eu/eli/reg/2016/679/art_25/oj

3

According to the GDPR, this constitutes the creation of new personal data through inference as a result of profiling. Google had no legal basis (such as consent) for performing this operation. In legal terms, this is called unlawful data processing, which carries the highest categories of administrative fines under the GDPR.
If Google Search AI performed this automatically in my case, then it is doing the same to tens of millions of EU citizens.

The other extremely serious issue in AI Studio is the dark pattern:
I have demonstrated that Google misleads users about the function of the “Delete” button. The data is not actually deleted in the backend, and the model continues to learn from it. This constitutes consumer deception (consumer fraud).

https://discuss.ai.google.dev/t/statement-on-the-contradiction-between-google-s-deletion-promises-and-the-actual-technical-behavior-of-the-gemini-system/143831

4

I have video evidence that Google Search AI performs unlawful profiling, identity linking, and AI‑generated inference of new personal data without consent.
This violates GDPR Articles 5, 6, 7, 12–22 and 25 — the highest fine category (4% global revenue).

I also documented a dark pattern in Google AI Studio: the ‘Delete’ button does NOT delete data.
The model continues learning from it.
This is consumer deception.

Both issues are reproducible and global.
My YouTube video shows the evidence.

5

Google Search AI is not “just making inferences”. Under GDPR Article 4(4), inference is profiling when it evaluates or predicts personal aspects of an identifiable person.

In the uploaded GDPR text, it states:

“Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects […] to analyse or predict behaviour, preferences, interests, etc.”
(GDPR Article 4(4), from the uploaded document)

This means:

  • if Google AI uses search results, forum posts or any online data
    to infer new personal data about me,

  • then this is profiling,

  • and it requires a lawful basis under Article 6,

  • which Google does not have.

Inference = profiling.
There is no legal distinction.
Calling it “just inference” does not remove GDPR obligations.

My video evidence shows that Google Search AI links my real identity with my online alias and generates new personal data about me.
This falls under the highest GDPR fine category (Articles 5, 6, 7, 12–22, 25).

https://gdpr-text.com/hu/read/article-4/