Tech giants are finding themselves increasingly under scrutiny not just in North America, but in foreign markets as well. With new EU regulations concerning data privacy having entered effect, Google has become the first US tech giant to get targeted by the new laws. Specifically, the company was fined a €50 million penalty for not being transparent in its use of personal data and how it’s collected.
While the sum is little more than a slap on the wrist for the multi-billion tech behemoth, it represents a shift in the general attitudes of European countries as data-mining concerns become increasingly apparent. France’s data protection office, CNIL, ruled the US search engine guilty of breaking the General Data Protection Regulation (GDPR) today in a decision that has left many other advertising groups, data brokers, and tech companies worrying whether they will fall under similar scrutiny in the future. The regulator said that Google’s users weren’t able to understand how the company uses data because the disclosures were too “vague” and “generic” and diluted across many documents.
“The processing operations are particularly massive and intrusive because of the number of services offered (about 20), the amount and nature of the data processed and combined,” said CNIL according to The Financial Times. “It is not possible to be aware of the plurality of services, websites, and applicants involved in these processing operations (Google search, YouTube, Google Home, Google Maps, Playstore, Google Pictures…) and therefore of the amount of data processed and combined.”
After chastising Google for supposedly not going far enough to clarify how it used data in their numerous applications, as well as their approach to acquiring consent for ad targeting, the regulators decision will force Google to reevaluate how they operate going forward. At the same time, other groups have filed complaints under GDPR, with major software companies like Oracle and credit rating agency Experian falling under scrutiny of breaking these rules.
In response to the ruling, analysts expect a new wave of fines to hit the tech and advertising industries that operate in Europe. Under current rules, regulators have the power to issue fines of up to four percent of a company’s annual turnover. In comparison, the €50 million seems more like a warning, as Google – which made over $33 billion last quarter alone – could potentially be charged billions in fines should the regulators have wished to be more severe.
“The era of GDPR enforcement is upon us. There is no question whether there will be more fines, it is just a matter of time,” said one cyber security analyst. “The first decisions and fines will be very important because they will define how GDPR is actually understood and enforced in practice. System and software design changes will follow.”
In response, a Google spokesperson said that the company remains “deeply committed” to addressing the “high standards of transparency and control” that the new GDPR regulations expect of it.
Back in May 2018, the company received another complaint by a consumer-focused group, which targeted what they saw as the use of “forced consent” by Google and other tech giants like Facebook, calling out that consumers had no choice but to use personal data in accessing these services. In contrast, GDPR requires consent to be freely given by the end user.