It seems like a long time since the Spring of 2018 when the new GDPR rules came into force. The word on the streets at the time was that its primary purpose was to bring the big tech companies into line. You won’t be surprised to hear that one of the first big GDPR fines goes to Google. It’s just been fined 50 million euros (£44m) by the French data regulator CNIL, for a breach of the rules.
We have a love-hate relationship with the internet. It makes our lives much better and such a lot easier in so many ways, yet there are downsides to it. Being followed around on different websites by ads for things you’ve recently thought about buying is just one of many niggles which we tolerate.
It will be interesting to see if ad personalisation changes in the future, as this is where Google tripped up and landed themselves with the hefty fine.
‘Not sufficiently informed’
CNIL said it had levied the record fine for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”.
The regulator said it judged that people were “not sufficiently informed” about how Google collected data to personalise advertising.
In a statement, Google said “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR.” They are now “studying the decision” to determine next steps.
GDPR in Action
It seems that the two privacy rights groups who filed the complaints against Google waited until the day that the new legislation took effect.
The regulator upheld their complaint because a user couldn’t easily find Google’s policies on processing data. You’ll remember that clear, simple guidance on how data is used and stored is at the heart of GDPR. In the regulators opinion, “users are not able to fully understand the extent of the processing operations carried out by Google”.
Is this the first of the big GDPR fines?
Other tech giants including Amazon, Apple, Netflix and Spotify are also facing GDPR complaints.
Honesty is the best policy
When you publish something online it is as if you are talking to lots of people, all at the same time. You wouldn’t lie straight to someone’s face, and it’s generally best not to do it on the internet either.
The best way to get your website to the top of the search engines is to be engaging, make sure it’s written in plain English, stick to the subject and be an authority in your field. Do this, and consistently publish new content, and your website will be picked by the Google algorithms.
The same applies to your GDPR statements (and policies). State clearly what you are doing with client data, and do what you’ve stated. If it’s within the GDPR rules you won’t go far wrong. The big GDPR fines will undoubtedly come first, but none of us is immune to a complaint.
If you do find yourself in hot water with the Data Regulator, you can always contact us at Jones Harris for a no-obligation chat about what to do next.
Get the latest updates
Make sure that you’re following our website and sign up for the Jones Harris enewsletter here