Google’s first GDPR probe comes from Irish privacy regulators
It was only a matter of time before somebody subjected Google to a GDPR probe, and that day has finally come. Ireland’s Data Protection Commissioner, Helen Dixon, today announced that an investigation was being mounted following complaints from a number of companies, such as Brave web browser. The Irish watchdog said that complaints were largely against the way Google handles personal information for advertising.
According to Brave chief policy officer, Johnny Ryan, when a person visits a website and is shown a “behavioral” ad, Google broadcasts intimate personal data to tens or hundreds of companies to aid in targeted advertising. This is all done, of course, without the person’s knowledge or consent. This is in violation of the Irish Data Protection Act, enacted in 2018.
In a statement, Dixon said that “A statutory inquiry pursuant to section 110 of the Data Protection Act 2018 has been commenced in respect of Google Ireland Limited’s processing of personal data in the context of its online Ad Exchange.” The landmark Data Protection Act of 2018 saw standards being raised by Irish lawmakers with regard to how companies process and make use of their client’s data. The Act was brought into law in order to comply with the EU’s new GDPR regulations, enacted in the same year. There was much discussion about how companies like Google and Facebook – which process a lot of user data – would manage to meet these guidelines, and what would the repercussions be if they didn’t.
Under GDPR, regulators like the Irish Data Protection Commission can impose fines of up to 4% of a company’s global revenue, or €20 million – whichever is higher. In the case of Google, 4% of global revenue amounts to $5.4 billion, or ~4.8 billion euro. What’s perhaps scarier for Google, however, is that if found guilty, it would more than likely have to make fundamental changes to the way its ad system works in order to avoid future infractions.
Google appears to be willing to review its systems as well. The Verge reached out to Google for comment, and was told by a representative that Google would “engage fully with the DPC’s investigation,” but claimed that “authorized buyers using our systems are subject stringent policies and standards.” While this statement dances around how exactly Google is handling user data, it’s good to see the tech giant willing to comply with investigations.