GDPR: Google doesn't pass regulation?

Published: 22/01/2019 By Elliott Rowland

Google has been fined 50 million euros (£44m) by the French data regulator CNIL for a breach of the EU’s data protection rules.

Google were judged to have not “sufficiently informed” people about how they collected data in order to personalise advertising. They were judged to have not obtained clear consent to process user’s data, and that there was a lack of transparency as “users were not able to fully understand the extent of the processing operation carried out by Google.”

Google’s £44m reprimand is a clear reminder that GDPR is most definitely in force, and that businesses should not underestimate the ramifications of the regulation just because the initial furore about the legislation has died down.

Let’s be clear, your business is highly unlikely to be on the radar of privacy rights groups. The first complaint against Google was filed on the 25th May 2018, the day the legislation took effect, suggesting that Google was firmly in the sights of groups looking to protect our personal data who were almost counting down the days to have sufficient clout to go after Google.

However, that doesn’t mean that you should bury your head in the sand in the vague hope that you won’t get caught, or that you think you’re simply too small for the regulation to apply to you.

Amazon, Apple, Google, Netflix and Spotify have all had complaints lodged against them in recent months, and whilst these complaints have been mainly brought forward by the privacy campaign group noyb (whose slogan is “My Privacy is none of your Business) who will most likely target the big online giants, there is no doubt that these high profile cases will bring to the fore the issue of data protection and place this issue back into the public’s focus.

There’s no doubt appeals, counter appeals and legal wrangling focussing on the specifics of the legislation could delay any definitive action against these companies, but their PR machines will be doing their best to limit the damage done to the public perception of what these companies are really doing with your data.

The lesson to be learnt is – make sure you’re prepared. The chances of being caught might be slim if you run a small business, but bemoaning your ill luck isn’t going to help you meet your legal obligations if a complaint is raised against you. These cases will increase the profile of GDPR, meaning the general public are more likely to become aware of the details of this previously confusing or ignored regulation, and subsequently hold your business to account more than ever before.

However, perhaps more importantly, the issue of trust is becoming a primary focus of your customers’ attention. The way you communicate with your customers and why is under intense scrutiny. Whatever your thoughts on GDPR, there’s no doubt that failure to be transparent and open with your communication can have a detrimental effect on your business.

Ask yourself the question, why do you collect personal data and how do you use it? If you’re happy with these answers, then it’s likely your potential customers will be happy to give them to you. If you’re not, then it’s likely people won’t give you the information in the first place, meaning your digital marketing could be having the opposite effect to what you hoped. This isn’t just a question of ensuring you abide by GDPR, it’s a case of abiding by the expectations of your customers in an evolving digital minefield.

*Source, BBC News, 22/1/19