Google being hit with a massive $56.8 million data protection fine came as a shock to many. In fact, it is one of the only times a tech giant has been found violating the new regulations that came into effect last year.
According to CNIL, the fine was imposed on Google because it failed to give its users enough information about its data consent policies. This, in turn, gave users less control over how their information was being put to use. The GDPR regulators clearly stated that Google hasn’t yet employed data protection strategies sufficient to comply with the regulations.
GDPR requires organizations like Google to obtain their users’ genuine consent before receiving any of their personal information. This further calls for an opt-in process that allows people to withdraw at any time.
It was in May 2018 that complaints were first filed against Google by the privacy rights groups noyb and La Quadrature du Net (LQDN). The first complaint under GDPR was filed against Google on the day the legislation came into effect: 25th May 2018.
The main claim made by the two groups against Google was that it didn’t have a legally valid basis to gather user data for ad personalization. Though Google’s European headquarters is located in Ireland, the situation was handled by the French watchdog. This is because the Irish data regulator does not have enough decision-making power over the Android operating system and services.
Google has received by far the biggest GDPR fine, around $56.8 million USD. Though the amount may seem large, it is still small compared with the maximum allowed under the GDPR, which is up to 4% of a company’s global annual revenue. Last December, a fine of €400,000 was imposed on a Portuguese hospital when its staff used fraudulent accounts to collect patient records.
In response to the news, a Google spokesperson addressed the public saying, “People expect high standards of transparency and control from us. We're deeply committed to meeting those expectations and the consent requirements of the GDPR.”
The GDPR is still relatively new, and many companies were under-prepared when it first came into existence. Still, many organizations are not yet fully compliant.
Whether you are a GDPR compliance specialist or not, there are certain actions that you can take to help your company maintain compliance with GDPR. These include regularly assessing controls, policies, and procedures and keeping them up to date. Additionally, investing in adequate cybersecurity is required to comply with the data protection aspects of the GDPR.
In order to help companies comply with GDPR regulations, SYSTRAN teamed up with Reed Smith (an international law firm) to develop the SYSTRAN Anonymizer. The software can be of great assistance with GDPR compliance by removing or “pseudonymising” personal information in text. According to Reed Smith partner David Cohen, “I know of no tool that can more effectively mask or ‘pseudonymise’ massive amounts of personal information at such low cost—whether for cross-border discovery in litigation, or general data protection purposes.” The Anonymizer can readily be integrated into many platforms. According to Recital 26 of the GDPR, “[t]he principles of data protection should… not apply to anonymous information, namely… personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. …” Thus, using the SYSTRAN Anonymizer can help organizations achieve GDPR compliance and protect against the imposition of potentially massive penalties.
To learn more, contact SYSTRAN.