Google have recently been fined a total of 50M euros (approximately £44M) by the French data agency National Data Protection Commission (CNIL), becoming the first tech giant to be hit with a fine for breaking the EU’s General Data Protection (GDPR) rules.
There has been a major shift towards a more conscious consideration of security and how data is managed. Facebook were first to fall under intense GDPR scrutiny after the Cambridge Analytica revelation with other major companies such as T-Mobile and British Airways falling victim to massive data breaches.
The record fine for Google has been levelled due to “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation” sources have found. According to reports Google refute this and claim that it “worked hard to create a GDPR consent process for personalised ads that is as transparent and straightforward as possible”. Representatives also outlined in an email statement that the process is “based on regulatory guidance and user experience testing” and raised concerns about how this fine may impact “publishers, original content creators and tech companies in Europe and beyond”.
CNIL have said that Google have violated terms of GDPR under two accounts. The first reason being that Google was not transparent enough when it comes to creating a Google account through an Android device and has “massive and intrusive” data processing practices. If Google users request what information Google have on them that information often “gets spread across multiple pages”, making it “not easily accessible for users”. This is said to be a real issue for regulators, “For instance, this is the case when a user wants to have a complete information on his or her data collected for the personalisation purposes or for the geo-tracking service.”
Data processing was too vague and generic according to the French data watchdog CNIL which resulted in users not being able to fully understand them. There was also claims that the option to personalise ads was “pre-ticked” when creating an account which did not respect the GDPR rules.
CNIL also view the consent that is gathered for ads personalisation as not valid. “The information on processing operations for the ads personalisation is diluted in several documents and does not enable the user to be aware of their extent,” commented the CNIL.
In a statement, Google said “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and consent requirements of the GDPR”.
We can expect this to be the first of many major fines issued as GDPR, and data management, continues to be a key area of concern for companies and legislators alike.
If you are concerned about your own data security, then why not check out our own GDPR Service Packages or consider protecting your IT through our dedicated IT Support team to make sure that you are protected from such misuse of data.