A Spain-focused guide for businesses that need to assess a defamatory Google review, preserve online evidence, use Google policy and consider proportionate legal escalation. For a business operating in Spain, a harmful Google review is a publication, a digital-evidence event, a Google policy issue and sometimes a Spanish honour, privacy or unfair-competition risk.
Read this article together with the Spain English guide to defamatory Google reviews and Spain Google review removal support. These two internal PimLegal links place the topic inside the Spain English resource library and wider online reputation strategy.
Legal issue framing
The matter concerns a Google review accusing a Spanish business of fraud, theft, falsified records, unsafe conduct or professional dishonesty. In Spain, the analysis should not start with the star rating alone. A one-star review may be commercially painful but lawful; a short sentence may be serious if it asserts a specific false fact about fraud, safety, discrimination, professional dishonesty, forged documents or private data.
The key question is whether the wording communicates a verifiable factual allegation that harms honour or business reputation, or whether it remains protected opinion or consumer criticism. That question controls whether the file should be treated as honour-rights work under Organic Law 1/1982, a possible calumnia or injuria issue, a denigration or unfair-competition concern, a privacy/GDPR matter, a Google policy report, or a combination of those routes.
The starting point is the balance between Articles 18 and 20 of the Spanish Constitution. Honour, privacy and image rights must be weighed against expression and truthful information. Organic Law 1/1982 provides the core civil honour framework, while the Criminal Code should be reserved for genuinely serious calumnia or injuria analysis rather than used as routine pressure.
In business review disputes, Article 1902 of the Civil Code may also matter where fault, damage and causation can be shown outside a pure honour-rights analysis. If a competitor, broker or organised campaign is suspected, the Unfair Competition Act can become relevant, especially around denigration and market distortion. Those labels should follow the evidence, not replace it.
Evidence checklist
For this issue, the priority evidence is: full review URL, reviewer profile, exact wording, browser-bar screenshots, appointment checks, invoices, CRM searches, messages, Google report IDs and evidence of impact on enquiries. Evidence should be preserved before any public reply, heated message to the reviewer or underprepared Google report. Reviews can be edited, translated, removed or repeated elsewhere.
A strong evidence file contains the review URL, reviewer profile URL, publication date, visible star rating, exact wording, attached photos, the affected Google Business Profile, screenshots with browser bar visible, owner replies, report IDs and any later edits. The file should keep original captures separate from annotated working copies.
The Spanish Civil Procedure Act is relevant when the dispute may need court-grade evidence. A business should record who captured the material, when, from which device, where the originals are stored and what internal systems were searched. In sensitive cases, a notarial act, expert report or reliable technical capture may be considered.
- Preserve full screenshots, URLs, profile links, publication dates, star rating, attached images and report IDs.
- Search customer, booking, invoice, CRM, email, call, complaint, refund and branch records fairly.
- Classify each sentence as opinion, fact, insult, personal data, threat, conflict of interest, fake engagement or ordinary criticism.
- Keep separate versions for Google, counsel, management and any public reply.
- Redact health, employee, payment, customer, minor and privileged information before external use.
- Record harm carefully: lost inquiries, cancellations, customer messages, rating movement and internal cost.
Case example: Madrid clinic accused of falsifying invoices
A Madrid clinic receives a one-star review claiming that staff falsify invoices and manipulate records. The name does not match appointments, invoices or message history, but the review appears prominently on the Google Business Profile.
The first operational step is to freeze the evidence and stop improvised replies. The business should appoint one internal owner, collect the records, identify whether the reviewer could be a real customer and decide whether the issue is mainly platform-policy, honour, privacy, unfair competition or communication risk.
A lawyer-style file should contain a sentence-by-sentence table. Column one quotes the words. Column two states the likely classification. Column three lists available proof. Column four identifies the Google category. Column five recommends a proportional action: monitor, public reply, Google report, preservation notice, burofax, civil review, criminal-law assessment or no escalation.
Proportionality should be written into the file. A rude but genuine customer complaint should not receive the same treatment as a no-customer campaign, fraud accusation, privacy exposure or review blackmail demand. A narrow request is often more credible: remove a false phrase, remove a photo, redact personal data, review a cluster, preserve account evidence or correct a specific allegation.
Lawyer-style working file for Spain
A Spanish Google review file should be readable by four different audiences: the Google moderator, the business decision-maker, opposing counsel and, if escalation is needed, a judge. That means the first page should avoid legal rhetoric and state the basics: affected business profile, location, discovery date, capture date, reviewer profile, exact disputed words, internal owner of the file and the next approved step. This front page prevents customer service, marketing and management from sending inconsistent messages.
The second page should record the business's fair customer search. It should explain which systems were searched, what spelling variants were checked, which date range was used, which branches or departments were included and what uncertainty remains. Saying that the reviewer is unknown is weaker than showing a careful search of bookings, CRM, invoices, email, call logs, delivery records and complaint channels. A fair search is also more credible because it recognises that customer names can be abbreviated, misspelled or attached to another person in the transaction.
The third page should separate legal categories from Google categories. Spanish honour law asks whether a statement harms honour, reputation or dignity in context. Criminal-law analysis asks a narrower and more serious question about calumnia or injuria. Unfair-competition analysis asks whether the publication distorts the market or denigrates a competitor. Google policy asks whether the content violates platform rules. These are related but not identical tests. Mixing them into one paragraph usually makes the report less useful.
The fourth page should define success. Success is not always full removal. It may be removal of a false phrase, removal of an employee name, deletion of a photo, correction of a review, preservation of identity evidence, cessation of a review campaign, a calmer public record or a decision not to escalate. Defining success early keeps the response proportionate and prevents the business from treating every review issue as litigation.
The fifth page should control confidentiality. A business may have documents that prove its position, but those documents may contain client, patient, employee, payment or private communications data. The file should mark each exhibit as internal only, counsel use, redacted Google use or public-reply safe. That labelling protects the business from winning the evidence issue while losing the privacy issue.
The final page should list escalation triggers. Escalation is more justified when the review alleges criminal conduct, deliberate fraud, unsafe treatment, discrimination, falsification, personal-data exposure, organised competitor activity or pressure for money. It is less justified when the review is a genuine but harsh opinion about service quality. This trigger list helps the business act consistently across locations and future reviews.
The file should also include a communications log. Every Google report, appeal, customer message, lawyer letter, internal decision and public reply should be dated and stored. This matters because a review dispute can change quickly: the author may edit the text, publish a second review, contact staff, demand payment or move the accusation to another platform. A dated log keeps the business from relying on memory.
For multi-location businesses in Spain, the file should confirm the affected branch and avoid assuming that a no-match search at one location proves no customer relationship anywhere. Searches should include relevant branches, booking channels, third-party platforms, franchise records and common misspellings. A fair multi-location check makes the Google report more credible and reduces the risk of overclaiming.
Finally, the business should decide who is allowed to speak. Staff should not reply from personal accounts, ask friends for counter-reviews or contact the reviewer without approval. One controlled voice protects evidence, tone and privacy. It also makes later legal correspondence easier because the company can show a consistent and restrained response.
Google policy angle
The Google report should translate the Spanish legal concern into platform categories such as fake engagement, misrepresentation, harassment, conflict of interest or personal information.
Google's Business Profile content policy focuses on platform categories such as fake engagement, conflicts of interest, harassment, personal information and misleading content. The review reporting tool needs moderation logic: which review, which rule, which non-confidential proof and what request.
A strong Google submission should not simply say that the review is defamatory. It should explain why the reviewer does not match customer records, why a factual accusation is false, why the account appears conflicted, why personal information is exposed or why a cluster suggests manipulation. Each point should be tied to a short exhibit.
Escalation criteria
A legal notice should quote the exact passages, explain why they are false or unlawful, request preservation and correction or removal, and avoid promising a specific outcome.
The LSSI and the Digital Services Act reinforce the value of precise online-content notices: identify the content, explain the legal or policy reason, provide contact details and preserve traceability. They do not guarantee removal; they help structure serious notice-and-action work.
Escalation becomes more plausible where the review alleges crime, fraud, unsafe conduct, discrimination, falsification, privacy breach, misleading practices or a coordinated campaign. It is also more serious where there is no customer match, threats preceded publication, multiple profiles act together or contemporaneous commercial harm is documented.
Emergency court relief or interim measures should be considered only where the evidence, urgency and proportionality support that step. Spanish honour and expression analysis remains fact-sensitive. The request should be narrower than the entire criticism where possible.
Risk cautions
The main risk is replying publicly with patient, payment or customer data, or accusing the author of fraud before the evidence is stable. A business can be right on the merits and still damage its position through its reaction. Public replies that disclose customer data, add new accusations or threaten disproportionate action can create a second dispute.
Data protection is a separate control layer. The GDPR, LOPDGDD and AEPD erasure guidance matter when a review or response contains personal data. The private legal file can be fuller than the Google submission or public response, which should be redacted and minimal.
Businesses should also avoid public counter-accusations against competitors, ex-employees or customers unless the evidence and wording have been reviewed. Suspicion can justify investigation; it does not automatically justify publication.
Public response
A public response is not a pleading. It is written for future customers. It can say the business takes the issue seriously, cannot match the facts as described with available records and invites private contact. It should not publish records, name staff unnecessarily, argue every line or accuse the reviewer of a crime.
If a Google report or legal notice is under consideration, the response should remain consistent with that strategy. Contradictions between a public reply, Google submission and burofax can weaken the file.
Practical conclusion
The strongest strategy is to preserve the review, classify the exact statements, match them to records and choose the least excessive route that can realistically help.
This article is informational only. It does not promise removal, damages, injunctions, reviewer identification or any Google outcome. Spanish review disputes require analysis of the exact wording, evidence, date, author status, sector, data issues and commercial harm.
Official sources used
- Spanish Constitution, Articles 18 and 20: honour, privacy, image rights, expression and truthful information.
- Organic Law 1/1982: civil protection of honour, privacy and image rights.
- Spanish Criminal Code: calumnia and injuria framework, including Articles 205 and 208.
- Civil Code Article 1902: civil liability for fault-based harm where appropriate.
- Civil Procedure Act and LSSI: evidence, procedural planning and intermediary-notice context.
- Unfair Competition Act and LOPDGDD: denigration, misleading practices, personal data and digital rights.
- STC 104/1986, STC 107/1988 and STC 172/1990: balancing honour, expression, facts, opinion and truthfulness.
- AEPD erasure guidance, GDPR and Digital Services Act: privacy, erasure and notice-and-action logic.
- Google Business Profile prohibited and restricted content and Google review reporting tool: platform categories and reporting workflow.
