As the General Data Protection Regulation came into force, companies that process personal data of EU citizens, are expected to comply with a stricter approach to data privacy and protection. US tech giant Google is not the exception.
French Data Protection Regulator (“CNIL“) fined US tech giant Google with a 50€ million fine. CNIL claims that Google failed to provide transparency and clarity in the way it informs users about the handling of their personal data. Also, Google failed to obtain specific consent and didn’t have set legal basis for personalised advertising. Read more on How Does GDPR Affect Direct Marketing and Profiling.
It is not the first fine to be issued under the GDPR. However, so far, it is the biggest one to be issued by the European regulator.
Privacy by design. It is important to consider data protection and privacy aspects at the initial design stages of the product and services. Therefore, privacy and data protection should be embedded into the design, rather than trying to add it on later.
Records of processing activities: Under the GDPR, the company has an obligation to keep records of the processing activities of personal data under certain conditions and it is important for the company to have a clear understanding of what personal data is being processed and in what way.
Visibility and Transparency: Accountability, compliance and transparency are required for an effective and secure system. Thus, it is important to be clear about your system and the level of security it provides.