Ireland Is Investigating Google Over “Suspected Infringement” of GDPR

Posted on May 22, 2019 by Mehedi Hassan in Google with 9 Comments

Google is facing a new investigation in Ireland over alleged infringement of GDPR. Reuters is reporting that Google is being investigated by Ireland’s Data Protection Commission (DPC) after numerous complaints against the company’s way of handling its ad business.

Browser maker Brave’s Chief Privacy Officer was the first to file a formal complaint against Google, which triggered the investigation by the DPC. According to Brave, a “massive and ongoing data breach” in Google’s ad tech was leaking people’s personal data, including locations, inferred religious, sexual, political characteristics, what they are reading, watching, and listening to online, and unique codes that allow long term profiles about each person to be built up over time.

That easily violates the GDPR laws, which requires personal data to be tightly controlled and give users complete control over the data.

“A statutory inquiry pursuant to section 110 of the Data Protection Act 2018 has been commenced in respect of Google Ireland Limited’s processing of personal data in the context of its online Ad Exchange,” the Irish DPC said in a statement to Reuters. 

Google could face large fines if it’s found guilty by the DPC. The company will face fines of up to 4% of its global revenue if the DPC founds it guilty of infringing GDPR, which would also require the tech giant to change the way its ad business works — at least in Europe.

It’s been almost a year since GDPR came into effect, and Google is one of the biggest companies to face investigations over GDPR infringement, while companies like Microsoft are calling for other countries like the US to introduce its own version of GDPR.

Tagged with , ,

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (9)

9 responses to “Ireland Is Investigating Google Over “Suspected Infringement” of GDPR”

  1. lvthunder

    Well is it a data breach (meaning an unauthorized person took it), a bug that is exposing this information, or is this by design?

    • karlinhigh

      In reply to lvthunder:

      Or does GPDR even care which one - maybe they're all exposures to fines?

    • wright_is

      In reply to lvthunder:

      Even if it is design, under GDPR it is a data breach.

      • The data cannot be legally shared with third parties without the explicit written permission of the identifiable persons.
      • The minimum amount of data is to be collected, in order to allow the job at hand to be performed.
      • The data has to be held for the minimum amount of time possible, in order to allow the job at hand to be performed.
      • The data cannot be used for any other purposes than those which they have informed the persons identifiable it will be used for (E.g. if they have said it will be used to display an advert, they can't use the information for tracking. If they use it for tracking, they can't use it to sell adverts. If they use it for their advertising platform, they can't use it for direct sales or linking the information to a Google Account).
      • The user must opt in to the data collection.
      • The user be able to view the data collected in electronic form.
      • The user must be able to correct any erroneous information. (Or rather the data gatherer has to provide a method for the user to make changes, whether that is directly or by informing the data gatherer of the errors and the data gather making the relevant changes in a timely manner.)

      There is a lot more to it, but those are probably the key ones for an overview of what Google is doing wrong.

  2. MikeGalos

    Well, no surprise that while Microsoft is supporting increased user privacy rights Google is getting caught violating even the existing laws.


    That's the difference between a technology company and an ad sales company.

Leave a Reply