Irish Data Protection Puts Google on Notice for Data Privacy - Again
Ireland's Data Protection Commission has announced that it's looking into Google yet again - this time for the way it processes user location data and transparency.
Google has once again drawn the ire of Ireland’s Data Protection Commissioner, largely viewed as one of the more vigilant data protection authorities, over how it handles how it handles the data of its users.
This week the Irish DPC announced that it was launching a formal investigation into how the company tracks its users' location data.
In the words of the DPC, its inquiry "will set out to establish whether Google has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency."
The announcement came on the same day the DPC said it was looking into dating app Tinder and how it honors data requests by users. Both probes are questioning whether the companies are violating the European Union's General Data Protection Regulation, or GDPR.
Last year Ireland's DPC opened a similar investigation into how Google handles user data for advertising purposes. That case was prompted by several complaints that alleged the company wasn't properly following GDPR through each step in which it processed personal data.
The DPC claims this week's inquiry is also based on complaints from various Consumer Organizations across the EU.
Ireland’s DPC, An Coimisiún um Chosaint Sonraí in Irish, has become somewhat prolific when it comes to data protection authorities in the wake of the enactment of GDPR. The regulator said last year that it had 51 large-scale investigations under way, including 23 formal probes into U.S. tech companies, like Twitter, Apple, and LinkedIn and how they handle user data.
The European Consumer Organization, a consumers group, applauded the efforts of the DPC on Tuesday.
“Consumers should not be under commercial surveillance. They need authorities to defend them and to sanction those who break the law. Considering the scale of the problem, which affects millions of European consumers, this investigation should be a priority for the Irish data protection authority. As more than 14 months have passed since consumer groups first filed complaints about Google’s malpractice, it would be unacceptable for consumers who trust authorities if there were further delays. The credibility of the enforcement of the GDPR is at stake here,” Monique Goyens, Director General of the BEUC said.
Google, as its done time and time again in these scenarios, indicated this week that it plans to cooperate with the DPC.
"We will cooperate fully with the office of the Data Protection Commission in its inquiry, and continue to work closely with regulators and consumer associations across Europe," a Google spokesman told publications including the Associated Press this week, “In the last year, we have made a number of product changes to improve the level of user transparency and control over location data.”
Match Group, the internet company that owns a slew of dating sites, including Hinge, PlentyOfFish, OkCupid, and Tinder, acknowledged that it too would cooperate.
“Transparency and protecting our users’ personal data is of utmost importance to us,” Match Group said. “We are fully cooperating with the Data Protection Commission, and will continue to abide by GDPR and all applicable laws.”
Under GDPR of course, regulators can fine organizations up to 20 million euros or up to 4% of their annual revenues, whichever is the greater amount.