Ireland's Privacy Watchdog Probing Google's Data Use
Investigation Comes After Numerous Consumer Complaints
Ireland's Data Protection Commission is launching an investigation into how Google uses customer data for its location services after the privacy watchdog received numerous complaints from consumer rights organizations across the European Union.
The watchdog announced Tuesday that it has initiated an investigation into how Google's Ireland subsidiary, Google Ireland Limited, processes its customer location data and whether the company is following the rules and guidelines of the European Union's General Data Protection Regulation.
Data Protection Commission launches Statutory Inquiry into Google’s processing of location data and transparency surrounding that processing - https://t.co/3n5KnvTFyU pic.twitter.com/xPVNNPkzZE
— Data Protection Commission Ireland (@DPCIreland) February 4, 2020
"The inquiry will set out to establish whether Google has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency," the commission said in a statement.
Under GDPR, European citizens can file complaints with their country's privacy agencies if they believe that their personal data has been misused. If an investigation finds a firm violated the privacy protection rules of GDPR, it could face penalties of up to €20 million ($22 million) or 4 percent of a company’s total global revenue - whichever is higher.
Google told the Associated Press that it will cooperate fully with Ireland's Data Protection Commission as well as other European regulators.
This is the second investigation by Ireland's Data Protection Commission into Google and the company's practices. In May 2019, the commission launched a probe into how Google's Ad Exchange used customers' personal data for targeted advertisements. That inquiry remains open.
The commission last week also launched an investigation into Match Group, the parent company of dating app Tinder, focusing on how that company is using and processing customer data as well as whether it’s in compliance with GDPR, according to the Associated Press.
Enforcing Privacy Regulations
In Ireland, the Data Protection Commission is charged with enforcing GDPR and about 20 other laws pertaining to privacy rights.
Since GDPR went into full effect in May 2018, European data protection authorities have received more than 160,900 data breach reports, according to the law firm DLA Piper, which published new statistics in January (see: GDPR: $126 Million in Fines and Counting).
During that time, Ireland's Data Protection Commission has received more than 10,500 breach and privacy complaints, but it has not issued any fines, according to the DLA Piper statistics.
Increased Scrutiny
The latest announcement comes as Google and other U.S. tech companies continue to face increasing privacy scrutiny from European regulators for issues ranging from data breaches to data use and transparency.
In February 2019, the Irish commission announced that it would investigate business profiles of minors posted on Instagram after a study revealed these accounts might be exposing email addresses and phone numbers (see: Ireland Assessing Minors' Profiles on Instagram).
The commission also opened inquiries into data-processing activities of Facebook, Apple, Twitter, LinkedIn, WhatsApp and Instagram over privacy concerns. The watchdog noted that it is focusing on the world's biggest data processors first so that it can extract lessons that others can learn (see: 15 GDPR Probes in Ireland Target Facebook, Twitter, Others).
Back in 2018, the commission launched an investigation after Facebook revealed that it had accidentally exposed up to 6.8 million users' private photos to 1,500 apps built by 876 developers for a 12-day period (see: Ireland's Privacy Watchdog Probes Facebook Data Breaches).