Google Faces Irish Advertising Probe For GDPR Compliance

The Irish Data Protection Commission (DPC) has begun an investigation into Google’s advertising service and whether it is obeying Europe’s strict privacy rules.

The investigation comes almost a year since the General Data Protection Regulation (GDPR) rules came into affect in Europe, and they strictly govern how companies must treat people’s data. Companies for example can be fined up to 4 percent of global annual turnover if the offence is serious enough.

The GDPR rules have already bitten Google quite hard already. In January Google was slapped with a 50 million euro (£44m) fine.

GDPR probe

That fine, issued by the France’s data protection office (CNIL), found the US search engine guilty “for lack of transparency, inadequate information and lack of valid consent regarding the ads personalisation.”

But now the Irish DPC is also investigating whether Google’s use of personal data to target online advertising is compliant with European privacy rules.

The probe concerns Google’s Ad Exchange system, which is used by companies to target people with adverts across the internet.

“Arising from the Data Protection Commission’s ongoing examination of data protection compliance in the area of personalised online advertising and a number of submissions to the Data Protection Commission, including those made by Dr. Johnny Ryan of Brave, a statutory inquiry pursuant to section 110 of the Data Protection Act 2018 has been commenced in respect of Google Ireland Limited’s processing of personal data in the context of its online Ad Exchange,” the DPC announced.

“The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the General Data Protection Regulation (GDPR),” it added. “The GDPR principles of transparency and data minimisation, as well as Google’s retention practices, will also be examined.”

“We will engage fully with the DPC’s investigation and welcome the opportunity for further clarification of Europe’s data protection rules for real-time bidding,” Google told the BBC. “Authorised buyers using our systems are subject to stringent policies and standards.”

DPC investigations typically take 8 months before a draft decision is made, although it depends on the complexity of the probe.

Facebook, Marriott and British Airways are among the organisations that have been hit by major data breaches since the GDPR came into effect.

Last November seven European consumer groups filed GDPR complaints against Google’s location tracking service.

Quiz: Are you a Google expert?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Boeing Starliner Launches Successfully, On Route To International Space Station

Boeing's crewless space taxi, CST-100 Starliner, one step closer to NASA certification, as it enters…

1 day ago

Apple Accused By Union Of Staff Law Violations At NY Store

Staff at Apple's World Trade Centre store in New York are allegedly being questioned and…

2 days ago

Canada To Join Five Eyes 5G Ban On Huawei/ZTE

Making it official. Canada is to turn its unofficial ban on 5G kit from Huawei…

2 days ago

Twitter To Hide Tweets That Share False Information During A Crisis

Potentially risking Elon's wrath over free speech, Twitter says it will hide tweets spreading misinformation…

2 days ago

Boeing Starliner Test Flight Readied For Tonight

Third time the charm? Main rival to SpaceX's Dragon capsule, the embattled Boeing Starliner spacecraft,…

2 days ago

September 13 Slated For iPhone 14 Launch – Report

No surprise there. Apple is slated to launch the iPhone 14 on 13 September according…

2 days ago