Penalty for the Good Corporation: what will happen to Google and others for violating the GDPR
September 29
21st Today, the National Committee for the Citizenship of France (CNIL) took a visit to its website and fined Google for violating the EU General Regulations on the Taxist (GDPR). Pivroku knew the regions of the EU in order to abi increase the level-up at the size of penalties for not meeting the given standard. Until then, they were fined mostly in the amount of 20,000–30,000 Euros, and the largest fine was for 400,000 Euros and a fine to the hospital in Portugal. But the precedent of tsіkaviy not stile the sum of the fine, but the toughness of the steps of the regulator. Denis Beregovy, Axon Partners' shareholder, will explain this, especially for Mind.
For scho? Groups of skargs on Google arrived before СNIL on that very day, if the GDPR had typed honors. Skarzhniki told about the processing of Google personal tribute koristuvachіv without proper support, zokrem, with the help of personalized advertising propositions.
To the attention of Ukrainian security officers: the inspection was conducted online, without searches, without seizure of servers or other visible interference for business. And so it was possible.
According to the results of CNIL inspections revealed violations of two requirements of the GDPR:
- Transparency and awareness of users about the processing of personal data.
- Lack of proper user consent for the processing of personal data for the purpose of personalizing advertising.
This is the window of personalization settings ads in the Google account
However, CNIL does not think so, because the information about the personalization of advertising is not clear enough to users. As an example, the Commission claims that the relevant "Personalization" window does not contain information on the full range of Google services that collect and process personal data for this purpose (YouTube, Google search, Play Store, Google pictures, Gmail, etc.), and therefore, the user cannot realize to what extent the data is used and how exactly they can be combined.
So, let's walk through the text of the CNIL decision
Why France and not Ireland. Google operates in Europe through a legal entity in Ireland. But the case was not initiated by the Irish, but by the French regulator. This is why it happened.
If data processing decisions are taken anywhere outside the EU, there is a one-stop mechanism - where the complaint is received, the body considers it. Because Google's data processing center is located in the United States and the complaint was first received in France, CNIL considered it.
