Ireland Is Investigating Google Over “Suspected Infringement” of GDPR

Google is facing a new investigation in Ireland over alleged infringement of GDPR. Reuters is reporting that Google is being investigated by Ireland’s Data Protection Commission (DPC) after numerous complaints against the company’s way of handling its ad business.

Browser maker Brave’s Chief Privacy Officer was the first to file a formal complaint against Google, which triggered the investigation by the DPC. According to Brave, a “massive and ongoing data breach” in Google’s ad tech was leaking people’s personal data, including locations, inferred religious, sexual, political characteristics, what they are reading, watching, and listening to online, and unique codes that allow long term profiles about each person to be built up over time.

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

That easily violates the GDPR laws, which requires personal data to be tightly controlled and give users complete control over the data.

“A statutory inquiry pursuant to section 110 of the Data Protection Act 2018 has been commenced in respect of Google Ireland Limited’s processing of personal data in the context of its online Ad Exchange,” the Irish DPC said in a statement to Reuters. 

Google could face large fines if it’s found guilty by the DPC. The company will face fines of up to 4% of its global revenue if the DPC founds it guilty of infringing GDPR, which would also require the tech giant to change the way its ad business works — at least in Europe.

It’s been almost a year since GDPR came into effect, and Google is one of the biggest companies to face investigations over GDPR infringement, while companies like Microsoft are calling for other countries like the US to introduce its own version of GDPR.

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 9 comments

  • lvthunder

    Premium Member
    22 May, 2019 - 4:13 pm

    <p>Well is it a data breach (meaning an unauthorized person took it), a bug that is exposing this information, or is this by design?</p>

    • karlinhigh

      Premium Member
      22 May, 2019 - 5:14 pm

      <blockquote><em><a href="#430021">In reply to lvthunder:</a></em></blockquote><p>Or does GPDR even care which one – maybe they're all exposures to fines?</p>

      • nerdile

        Premium Member
        22 May, 2019 - 9:34 pm

        <blockquote><em><a href="#430054">In reply to karlinhigh:</a></em></blockquote><p>Regulators generally consider all of the above. </p>

    • wright_is

      Premium Member
      23 May, 2019 - 4:22 am

      <blockquote><em><a href="#430021">In reply to lvthunder:</a></em></blockquote><p>Even if it is design, under GDPR it is a data breach.</p><ul><li>The data cannot be legally shared with third parties without the explicit <em>written</em> permission of the identifiable persons. </li><li>The minimum amount of data is to be collected, in order to allow the job at hand to be performed.</li><li>The data has to be held for the minimum amount of time possible, in order to allow the job at hand to be performed. </li><li>The data cannot be used for any other purposes than those which they have informed the persons identifiable it will be used for (E.g. if they have said it will be used to display an advert, they can't use the information for tracking. If they use it for tracking, they can't use it to sell adverts. If they use it for their advertising platform, they can't use it for direct sales or linking the information to a Google Account).</li><li>The user <em>must opt in to the data collection</em>.</li><li>The user be able to view the data collected in electronic form.</li><li>The user must be able to correct any erroneous information. (Or rather the data gatherer has to provide a method for the user to make changes, whether that is directly or by informing the data gatherer of the errors and the data gather making the relevant changes in a timely manner.)</li></ul><p>There is a lot more to it, but those are probably the key ones for an overview of what Google is doing wrong.</p>

      • lvthunder

        Premium Member
        23 May, 2019 - 10:49 am

        <blockquote><em><a href="#430124">In reply to wright_is:</a></em></blockquote><p>My question is more about how I feel about this personally more then legally. If it's a theft well that's bad, but forgivable. If it's just a bug well they happen all the time to everyone and my thought is just get it fixed. If it's by design then that's where I have a big problem with it.</p>

        • wright_is

          Premium Member
          24 May, 2019 - 8:43 am

          <blockquote><em><a href="#430158">In reply to lvthunder:</a></em></blockquote><p>When was the last time you were asked if Google could collect your data to display you an ad, when you visited a site? ;-)</p>

  • MikeGalos

    22 May, 2019 - 11:47 pm

    <p>Well, no surprise that while Microsoft is supporting increased user privacy rights Google is getting caught violating even the existing laws.</p><p><br></p><p>That's the difference between a technology company and an ad sales company.</p>

    • dontbe evil

      23 May, 2019 - 1:56 am

      <blockquote><em><a href="#430107">In reply to MikeGalos:</a></em></blockquote><p>100% agree … let's wait for google fanboys to reply and downvote</p>

  • dontbe evil

    23 May, 2019 - 1:55 am

    <p>time to pay</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC