The Information Commissioner’s Office is to work alongside regulators in Europe to establish whether Google has fallen foul of more GDPR rules.
The ICO, which enforces European data law in the UK, is now investigating measures to take following a number of complaints raised against the tech giant.
The ubiquitous search engine is still in the news following the record-breaking $50 million fine leveed against it by the French regulator, CNIL, after noyb.ey (the European Centre for Digital Rights) and La Quadrature du Net (LQDN) flagged up Google’s failure to give users transparent and easily-to-understand guidelines on data usage policies.
The complaints traced back to Googles ‘forced consent’ push through pop-up boxes – mechanisms that Facebook also employs. The pop-ups call on users to agree to data harvesting in order to gain access to the sites and applications.
Noyb and LQDN were the first to raise the malpractice, filing complaints in May of last year, just one week before the GDPR axe began to swing. The then chairman of noyb.ey, Max Schrems, said at the time.
“Many users do not know yet that this annoying way of pushing people to consent is actually forbidden under GDPR in most cases.
“Facebook has even blocked accounts of users who have not given consent. In the end, users only had the choice to delete the account or hit the ‘agree’ button – that’s not a free choice, it more reminds us of a North Korean election process.”
Facebook and Google are soon to celebrate their 15th and 20th birthdays respectively, but both have some growing up to do with regard to how they handle user data in the GDPR era.
Complaints have increased considerably since the GDPR’s implementation on 25th May 2018, a trend that is attributable in part to wider consumer awareness and individuals exercising their newly granted rights as data subjects. As engagement has risen, so more organisations have sought to educate themselves on their new responsibilities in the eyes of the Information Commissioner’s Office.
A spokesperson for the ICO said:
“Following the notice of the French supervisory authority (CNIL) to fine Google, the ICO is currently reviewing the notice to consider its content and possible next steps. The ICO is also liaising with other data protection authorities across Europe on this topic.
“Google is an organisation that offers products and services to a large number of individuals both in the UK and worldwide. We have received complaints regarding Google which are being reviewed.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/