A year on from GDPR Day, and Irish eyes are staring in Google’s direction.
Irish regulator opens first privacy probe into Google
Google’s lead regulator in the European Union, Ireland’s Data Protection Commissioner, opened its first investigation into the U.S. internet giant on Wednesday over how it handles personal data for the purpose of advertising.
The probe was the result of a number of submissions against the company, the Irish Data Protection Commissioner said, including from privacy-focused web browser Brave which complained last year that Google and other digital advertising firms were playing fast and loose with people’s data.Ireland’s Data Protection Commissioner launches investigation into Google’s advertising and compliance with GDPR
Dr Ryan [Chief Policy Officer at Brave] said his evidence to the DPC “revealed a massive and ongoing data breach” in which Google’s DoubleClick/Authorized Buyers “leaks intimate data about the people visiting these websites to thousands of companies every day”.
I noted The Register’s footnote on this story, about that “privacy-focused web browser Brave”.
Irish data cops are shoving a probe right into Google’s ads
There is some irony in Brave being built on Chromium, the browser engine built and maintained by – who else? – Google. Ryan told us that Brave had “certainly not” seen any pushback from Googlers involved in the Chromium project.
It could be an extremely expensive problem for Google though, as all the reports are keen to point out, although I can’t imagine it would come to that.
Google is facing its first GDPR probe from Irish privacy regulators
If found guilty, the potential penalties for Google would be enormous. The GDPR authorizes fines as high as four percent of global annual revenue, which would total $5.4 billion in Google’s case. Even more damaging, the company would have to fundamentally reshape its ad system in order to avoid future fines.
There’s quite a lot of attention on Ireland’s Data Protection Commission already.
Ireland sits idly by as GDPR goes unenforced
Politico shares an investigation into why the GDPR’s lead regulator Ireland has failed to bring a single enforcement action against the big tech companies it is supposed to watchdog.
These are hugely complex cases, that will be setting precedents that may redefine how these companies operate.
Irish data official defends tech investigation record: ‘They’re not overnight’
Helen Dixon said the reality is it will take time to produce results from the 18 major technology investigations her office is pursuing — 11 of which involve Facebook or its platforms WhatsApp and Instagram.
“These aren’t matters where we can take in a complaint today and tomorrow make a conclusion on it,” Dixon, Ireland’s data protection commissioner, said during an interview at POLITICO’s Washington-area headquarters. “They’re not overnight, and anyone who understands anything about the process understands it takes time.”
Others agree.
Is Ireland too soft with GDPR enforcement, or just being prudent?
Jules Polonetsky, CEO of the Future of Privacy Forum (FPF), comes down on the side of patience. In fact, he argues that while fines tend to get most of the headlines, they aren’t as important as the major precedents that regulators will be setting – precedents that will “redefine business models.” That, he said, takes time to be done right. […]
Danny O’Brien, international director of the Electronic Frontier Foundation (EFF), an aggressive privacy advocacy group, also isn’t troubled – at least not yet – about GDPR enforcement taking some time to get in gear. “There’s a lot about how the whole system was going to be organized that was left unsaid in the GDPR, so I think it’s fair to say that no-one was expecting anything to happen very quickly,” he said. “It’s not necessarily the Irish DPC’s fault.”
Let’s wait and see, then.
Miscellaneous Details 