GDPR was arguably the buzzword of 2018. Chances are if you work with data of any kind, you know what it means. If, however, you’ve been living underground without access to the internet, General Data Protection Regulation (GDPR) is an EU-led initiative that brings with it the most important change to data privacy rules and guidelines in 20 years.
To put it simply, anyone found to be in breach of GDPR regulations on or after 25th May 2018 faces a lot more than a slap on the wrist.
Google, arguably the largest collector of personal data on the planet, has today been hit with a £44m (€50m) fine by French data regulator - Commission nationale de l'informatique et des libertés (CNIL for short). The fine itself relates to two separate complaints filed against Google in May 2018, the first of which was actually filed on 25th May 2018, the first day of GDPR rules being enforced.
The complaints came from two different data privacy rights groups: La Quadrature du Net (LQDN) & noyb (who have possibly the best company tagline I’ve heard: “My Privacy is none of your Business”). The two complaints were both relating to the way Google uses personal data in order to serve targeted and personalised ads to people through their advertising platform, Google Ads. CNIL have stated that they handed Google the £44m fine due to "lack of transparency, inadequate information and lack of valid consent regarding ads personalisation", they go on to say the people were "not sufficiently informed" about the ways in which Google collected data to create personalised advertising.
On top of the alleged lack of transparency, Google have also been accused “pre-ticking” options to personalise adverts when people create an account, another element of data collecting that is in breach of GDPR.
In a statement from Google, they have come out and said that they are “studying the decision” to work out what their next steps are, following the huge fine. Although in fairness, they can probably afford to pay if push comes to shove.
The issue doesn’t end here. Data privacy group noyb have also launched complaints against Apple, Amazon, Netflix, Spotify and WhatsApp & Facebook as well as Google. If all these complaints are upheld and fines handed out to these giants of our internet enabled world, it would herald a huge victory for data privacy activists.
At e-Careers, we offer a leading GDPR course that for a very reasonable price (it’s not £44m) can help save you and your business from breaching GDPR, by teaching you the principles and the guidelines.