In the news last week, Google received a fine of £44 million for breaches of the relatively newly implemented GDPR rules. According to news outlets, Google was hit with the fine due to a “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”. Several groups have claimed that Google has lacked legal basis to process personal data to use it for ad personalisation, hence meaning that they have received multiple complaints since May 2018. In a recent statement, Google has said that “we’re deeply committed to meeting those expectations and the consent requirements of the GDPR”. Let us delve a little further to develop a better understanding of the issue.
The first mistake made by Google was that the search engine did not have transparent enough consent from consumers to use their data. This is, arguably, a little harsh since most consumers merely click buttons without thinking; they do not actively consider where their data is going. Nevertheless, Google did break the rules as stipulated by the GDPR. Secondly, Google has made the mistake of having personalised ads as a “pre-ticked” option meaning that consumers are not explicitly aware of how their information is being used. This does not comply with the GDPR rules, however, is it not the responsibility of the consumer to ensure that they check all the small details? Whatever, the verdict, we see that Google has received much criticism for failing to comply to the GDPR regulations. The record fine will hopefully force Google to rethink about their data usage so that they can avoid more financial penalties. Only time will tell whether such penalties make a difference!