Windows 10 News and info | Forum
February 28, 2020, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Google Fined €50 Million by French Watchdog for Lack of Transparency  (Read 333 times)
Hero Member
Offline Offline

Gender: Male
United States United States

Posts: 31106

I Do Windows

WWW Email
« on: January 26, 2019, 04:27:38 PM »

Google was hit with a €50 (56,8) million financial penalty in accordance with the General Data Protection Regulation (GDPR) by the Commission Nationale de l’informatique et des Libertés (CNIL) for violating transparency and information obligations and for not obtaining user consent for processing data for ads personalization purposes.

The French watchdog's fine against Google follows complaints filed by None Of Your Business (NOYB) and La Quadrature du Net (LQDN) on 25 and 28 May 2018 against Google LLC for "not having a valid legal basis to process the personal data of the users of its services, particularly for ads personalization purpose."

GDPR is a user and data privacy regulation which came into effect in the European Union on May 25, 2018, quickly put to use by NOYB to file four complaints against Google, Facebook, Instagram, and WhatsApp on the same day over their use of "forced consent."

Google found to violate two GDPR requirements

CNIL launched an online inspection to check the compliance of Google's processing operations with both the GDPR and the French Data Protection Act by "by analyzing the browsing pattern of a user and the documents he or she can have access when creating a GOOGLE account during the configuration of mobile equipment using Android."

The investigation led to the conclusion that the search giant was violating two GDPR provisions by not providing easy access to essential information regarding its services to its users, and not legally obtaining user consent to process data for ads personalization.

First, although Google does publish all the information required by the GDPR, the company makes it very hard for its users to find it and, in multiple cases, that information is not clear nor comprehensive according to CNIL.

Essential information, such as the data processing purposes, the data storage periods or the categories of personal data used for the ads personalization, are excessively disseminated across several documents, with buttons and links on which it is required to click to access complementary information. The relevant information is accessible after several steps only, implying sometimes up to 5 or 6 actions. For instance, this is the case when a user wants to have complete information on his or her data collected for the personalization purposes or for the geo-tracking service.

Secondly, even though Google says that it asks for its users' consent before processing data meant for ads personalization, CNIL's restricted committee found that is not the case given that users are not sufficiently informed during this process and the consent is neither "specific" nor "unambiguous," as required by the GDPR.

Indeed, the user not only has to click on the button “More options” to access the configuration, but the display of the ads personalization is moreover pre-ticked. However, as provided by the GDPR, consent is “unambiguous” only with a clear affirmative action from the user (by ticking a non-pre-ticked box for instance). [..] Therefore, the user gives his or her consent in full, for all the processing operations purposes carried out by GOOGLE based on this consent (ads personalization, speech recognition, etc.). However, the GDPR provides that the consent is “specific” only if it is given distinctly for each purpose.

As concluded by CNIL's press release (original French version here) regarding Google's €50 million financial penalty, the fine was justified by the gravity of the company's infringements of essential GDPR principles such as information, transparency, and consent.

Google not the first nor the last to violate EU's GDPR

The severity of the violations, in this case, was also amplified by the fact that Google is still violating GDPR's provisions in a continuous form as detailed by the French watchdog's report.

Meanwhile, Google-owned YouTube is also the target of a GDPR complaint filed by NOYB for violating the "right to access" provision described in the EU regulation's Article 15, with a maximum penalty that could reach €3.87 Billion according to the NGO.

Multiple tech companies were targeted with GDPR complaints after the regulation was enacted in the EU, with Google previously being under fire during November 2018 as the main culprit in complaints filed by multiple consumer groups according to The European Consumer Organisation for deceptive practices to track user location.

Additionally, Acxiom, Oracle, Criteo, Quantcast, Tapad, Equifax, and Experian were also subjects of a GDPR complaint filed by user rights group Privacy International because of their practice of collecting the data of millions and using it to create user profiles.


Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page November 05, 2019, 02:46:25 PM