Google's lesson is one we could all learn
The story about Google and its hefty fine for breach of GDPR is perhaps a reminder to all of us about the seriousness of data protection.
Whilst the Information Commissioners Office (ICO) said in the early days of the legislation that GDPR would land fairly softly, actually, the first complaint was filed on the same day the legislation took effect. It was around the same time, May 2018, when complaints against Google started to come in, as it was believed there was a lack of transparency around their advertising policy.
Two privacy rights groups filed the complaints around inadequate information and lack of valid consent regarding the personalisation of advertising. What’s more, these privacy rights groups claimed there was no valid legal basis for Google to process user date for the personalisation of ads – something which is strictly outlined in GDPR legislation.
The outcome was ruled against Google, with findings stating that users were not able to fully understand the extent of the processing operations being carried out. When under investigation, it was also found that Google has no valid legal basis to process user data in this way.
Google has now been fined 50 million Euros.
However, whilst Google is in the spotlight, they are not alone. A number of tech giants are currently under investigation for failing to comply with GDPR regulations around the right to access. When under investigation by NOYB, a separate privacy rights group, Amazon, Apple, Spotify and YouTube were amongst the culprits in either delaying access or providing unintelligible data.
Put simply, GDPR legislation was introduced to allow for transparency around our personal data and how it is held by companies. The rule of thumb is generally that data should be both machine readable and easily understood by customers. It should also be produced in an acceptable time frame in accordance with the right to access guidelines.
Let’s use Google as a reminder to us all that data privacy is extremely important – and the ICO will follow up complaints and issue big fines for those who do not comply.
If you would like some further information about GDPR compliance, contact Downs Solicitors to see how we can help.