Watch out Google! Here Comes French Data Protection Authority with a €50 Million Fine on GDPR Breach

It was only a day before Google moved its service provision to Dublin from the USA and made Google Ireland Limited the new headquarters for “data control.” The department was of paramount importance to Google as it held the legal responsibility of possessing the EEA and Swiss user information. While things were going quite sunny for the Google department upstate, who knew that darkness would loom over the horizon of this blooming organization at that very moment.

Google has been accused of using the user’s personal information for its personal use which is against the GDPR policy… says the French Data Protection watchdog, CNIL.

The organization conducted thorough research and came to the conclusion that Google is not GDPR compliant. In its defense, the French Data Protection provided the following two clauses.

  • CNIL holds a firm belief that data processing performed by Google for new Android users. which appears to happen outside the European region, is done without the consent of Europeans.
  • The organization also concluded that the permissions involved with data processing intended for running personalized campaigns aren’t as transparent as they are expected for the users.

Generally speaking, CNIL identified two diverse types of violations under the EU GDPR policy. One of the violations involved transparency of information prohibits, while the other accused of not having the consent of customers to use their data.

Whenever a user creates a new account on Google using their respective smartphones, Google provides them the option to tick on a specific checkbox, which states, “I agree to the processing of my information as described above and further explained in the Privacy Policy.”

So, every time a user creates a new account on Google from their smartphones, Google asks them to tick the box without informing them that their personal information can be used to run personalized ads. These ads will not only run on the user’s smartphone but also across other channels, like YouTube.

When the French Data Protection Company CNIL went through the GDPR documents, they realized that this particular action performed by Google is (in accordance to law) in total violation. Hence, the French privacy regulators were left with no choice but to slap a €50 Million fine on Google’s parent organization Alphabet Inc.

In one of its statement, CNIL reported,

“The general architecture of the information chosen by the company does not respect the obligations of the Regulation. Essential information, such as the purposes for which the data is processed, the length of time the data is stored, or the categories of data used to personalize the advertisement, are excessively scattered throughout several documents, which include buttons and links that it is necessary to activate to read additional information”

And in response to their tirade, Google retorted,

“People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR.”

As far as the concern about the amount being too hefty to be paid, the French data authority CNIL has deemed this amount as “justified by the severity of the infringements observed regarding the essential principles” in the light of the EU’s GDPR policy.

Looming Dangers on the Horizon for Eight Other Technology Giants

Google was fined when two privacy rights groups claimed that the world’s largest search engine is working with user data in such a way that it is in direct violation of the GDPR policy. The fine was imposed by the French Data Protection Authority right after Google made the big decision of shifting its service providing activities to the Google Ireland Limited. The purpose of performing this major shift was to allow the HQ at Ireland to handle all consumer-related services.

The firm Noyb which filed the initial complaint on Google for not following pace with the GDPR policy also issued similar complaints about eight other technology giants including names like Apple, Amazon, Netflix, Spotify, and YouTube. Noyb thought that raising alarm bells would compel them to rerevise their product marketing strategies in coherence with the GDPR policy; however, it didn’t have much of an impact.

Noyb also highlighted the rights of the individual in the light of the GDPR policy.

It allows a user to ask for a copy of all the raw data which a company holds about that particular user. They can also ask for additional information regarding other recipients, why they have collected their personal information and for how long they choose to keep the information stored.

Max Schrems. The director of Noyb said,

“Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to. In most cases, users only got the raw data, but, for example, no information about who this data was shared with. This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.”

The French Security Regulation Authority has already played its second move on the chess board and has filed complaint all across Europe, targeting firms like Amazon, Netflix, and YouTube.

It’s only a matter of time before more authority figures in information security are going to move up the ladder. For multinational giants, it is important that they address such problems at the earliest and make sure that none of their marketing activities are deviating from the set standards of the EU GDPR Policy.

What Can I do to Become GDPR Compliant?

Although, most regulations included within the new GDPR policy are pretty much similar to those which are already present in the current Data Protection Act (DPA). In case, if your business is already following those laws, then you need not to worry about the GDPR policy that much. However, if your business practices are deviating from such regulations, then you need to make certain changes within your business.

Most believe that the GDPR policy is only applicable within the EU region which leaves the UK out. Enforced by the Information Commission Office, it has been highlighted that the UK’s decision of not being a part of the European Union will not have any effect. It means that they are equally liable to the GDPR policy as the other countries in EU.

GDPR compliance for most modern-day website solution is an essential task to be achieved. Even the most powerful technology firms are facing demise when it comes to practicing GDPR regulations. Such security breach organizations such as CNIL are always out there on the hunt. They observe which websites are not-compliant and based on their level of non-compliance place heavy fines on them.

I am sure you do not want that to happen with your website now, do you?

Branex – Web Design and Development Agency makes sure that your software products are not only compliant but are aesthetically designed to please the customers. We create high performance, flexible and dot-point interactive digital solutions for businesses worldwide. All our development are in full compliance with the latest GDPR policy.

Have you checked out our amazing business portfolio? Take a look.

Ashad Rehman

Hi, I am working as a content developer at Branex, a web design, and development agency. I write on social media, web design, brand management, digital marketing, search engine optimization, and a whole lot more.

Add comment

Leave a Reply