[ad_1]
The French authorities on Monday fined 50 million euros (57 million euros) Google for violating the EU 's privacy rights. This is not so bad considering the $ 33.7 billion in revenue last quarter released by Alphabet, Google's parent company. However, along with the $ 2.7 billion fine imposed by the EU on Google for antitrust in 2017, a record at the time, the fine risk to be less important than the potential future changes of Google's business model.
This fine is the first of many possible actions against US giants of technology for violation of the European General Data Protection Regulation, which took effect in May 2018. Privacy advocates have filed complaints against several other companies , ranging from Amazon to Netflix, going through credit badessment companies like Equifax and Experian. Depending on how European regulators decide, companies, large and small, may have to change the way they collect and store their personal information online. At the same time, similar laws in California and Washington, and proposed legislation in New Jersey and other states, could force companies to rethink data confidentiality in the United States.
The CNIL, French data protection authority, said Google had breached the GDPR because the company had not obtained the consent of users allowing it to use their data to personalize its ads. Google allows users to opt out of ad customization, but ads must choose to do so. The CNIL also felt that Google made it too difficult for users to know how their personal information was used and how long it was stored.
Google did not announce it was going to appeal the fine. "People expect of us a high level of transparency and control," said a spokesman for Google in a statement. "We are deeply committed to meeting these expectations and GDPR's terms of consent, and we are considering the decision to determine our next steps."
If Google does not appeal or loses the call, the company will have to either go from an opt-out model to an opt-in template for ad customization, or find a legal justification to use personal data without explicit consent.
The CNIL opened an investigation on Google last year after receiving complaints from the French rights group La Quadrature du Net and the Austrian group NOYB (abbreviation of "none of your business").
"We are very pleased to see that, for the first time, a European Data Protection Authority is using the opportunities offered by the GDPR to punish gross violations of the law," said NOYB founder Max Schrems in a statement. communicated. He added that Google and other major technology companies "have often only superficially adapted their products.It is important that the authorities make it clear that it is not enough to claim compliance." .
But there is still disagreement about the GDPR requirements. "There is still a lot of gray," says Brian Kane, a former Google executive and co-founder of Sourcepoint, a company that makes software that helps businesses comply with the GDPR.
For example, the GDPR describes the circumstances in which companies are allowed to use or "process" personal information. The law insists on obtaining the explicit consent of users, but describes some circumstances in which consent is not necessary, such as when a company must collect data to comply with another law or when it is necessary for his "legitimate interests".
This has created some uncertainty as to when companies actually need their consent. The Google fine imposed this week does not solve the problem because the company claimed to have obtained the user's consent, not legitimate interests.
But there are many other cases to clarify GDPR. Last week, NOYB filed a new lawsuit against Google, along with seven other tech companies, including Apple, Amazon, Netflix and Spotify, about how their streaming services respond to users' requests for their own data. . Last year, Privacy Group filed a lawsuit against seven information technology consulting, data brokerage and credit monitoring firms, including Oracle, Quantcast, Equifax and Experian. The complaints filed by Privacy International challenge the use of "legitimate interest" as a legal justification for data collection.
More great cable stories
Source link
