Slashdot Mirror
Google Fined $57 Million By French Data Privacy Body For Failing To Comply With EU's GDPR Regulations (venturebeat.com)
schwit1 shares a report from VentureBeat: Google has been hit by a $57 million fine by French data privacy body CNIL (National Data Protection Commission) for failure to comply with the EU's General Data Protection Regulation (GDPR) regulations. The CNIL said that it was fining Google for "lack of transparency, inadequate information and lack of valid consent regarding the ads personalization," according to a press release issued by the organization. The news was first reported by the AFP. What the CNIL is effectively referencing here is dark pattern design, which attempts to encourage users into accepting terms by guiding their choices through the design and layout of the interface. This is something that Facebook has often done too, as it has sought to garner user consent for new features or T&Cs.
It's worth noting here that Google has faced considerable pressure from the EU on a number of fronts over the way it carries out business. Back in July, it was hit with a record $5 billion fine in an Android antitrust case, though it is currently appealing that. A few months back, Google overhauled its Android business model in Europe, electing to charge Android device makers a licensing fee to preinstall its apps in Europe. Google hasn't confirmed what its next steps will be, but it will likely appeal the decision as it has done with other fines. "People expect high standards of transparency and control from us," a Google spokesperson told VentureBeat. "We're deeply committed to meeting those expectations and the consent requirements of the GDPR. We're studying the decision to determine our next steps."
It's worth noting here that Google has faced considerable pressure from the EU on a number of fronts over the way it carries out business. Back in July, it was hit with a record $5 billion fine in an Android antitrust case, though it is currently appealing that. A few months back, Google overhauled its Android business model in Europe, electing to charge Android device makers a licensing fee to preinstall its apps in Europe. Google hasn't confirmed what its next steps will be, but it will likely appeal the decision as it has done with other fines. "People expect high standards of transparency and control from us," a Google spokesperson told VentureBeat. "We're deeply committed to meeting those expectations and the consent requirements of the GDPR. We're studying the decision to determine our next steps."
Based on that, my next speeding fine should be about $0.27
Corporate fines MUST be based on International turnover (they hide profits too well), or better year a minimum of 12 months in federal prison for all of the Management.
Vast amounts of new wealth has to be taxed
A fine for violating a law with a 2-year grace period is not a tax, stupid.
Like, say, they could pay the taxes for the revenue they make in France instead of squirreling it away with some tax evasion tricks.
Then again, paying the fine is probably cheaper.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
No, when a government gets to spend money it is a disbursement from the government budget. A tax is an amount collected from a group of citizens that support the operation of their government. A fine is a measure to discourage criminal behavior, by a person or a corporation.
Get the reasons for the different definitions, just being loud and ignorant doesn't strengthen your argument.
If it's an EU rule then why... Is a specific country fining Google?
Because the EU is a confederation, in which the EP and EC draft the rules, and then each member is tasked with enforcing them on their territory, which is an obligation they have accepted by ratifying the EU treaties.
it is really simple and straightforward.
You obviously have no idea. IP's are "personal information": https://www.alstonprivacy.com/... ; A website by definition serves anyone on the internet ; The rest of your post is likewise red herrings, GDPR is not concerned with whether or not an individual is an EU citizen, anyone located in an EU country is protected by GDPR and can apply for the protections under it. According to one law firm that tries to explain it: "it is likely that EU citizens residing in the US will be given the same protections as those living in an EU country". If you operate a hotel, how would you limit your offers, the goal is to sell yourself to as much visitors as possible, not serving people from the EU would be discrimination in many countries.
Custom electronics and digital signage for your business: www.evcircuits.com
It's a fine, not a tax. If Google wishes to operate within the E.U. then they have to obey the laws of the E.U.
I reserve the write to mangle english.
You obviously have no idea. IP's are "personal information": https:
Wrong, it is you who has no idea. And let me quote the relevant part of the decision for you:
However, the ECJ did not state that in all cases, IP addresses in the hands of a website operator should be considered personal data. Instead, it required an evaluation of “whether the possibility to combine a dynamic IP address with the additional data held by the [ISP] constitutes a means likely reasonably to be used to identify the data subject.”
GDPR is not concerned with whether or not an individual is an EU citizen, anyone located in an EU country is protected by GDPR and can apply for the protections under it.
Wrong, only legal residents of the EU are protected by GDPR. Clearly stated in the law, which you have not read.
According to one law firm
Well, find a competent one, or just read the guides that EU has helpfully posted for more than 2 years now.
If you operate a hotel, how would you limit your offers
Well, you just advertise locally, or if you want orders from within the EU, you comply.
Do you say the same when it comes to China or North Korea? Oppressive, protectionist laws are equally oppressive regardless of the current regime.
I certainly do, if the regime is Oppressive and you disagree then don't do business there. Businesses do not and should not EVER get to select which laws they will and will not obey.
As an EU citizen, albeit for another two and bit months, I don't find these laws oppressive in any kind of way and I'm glad that a level government that represents me is doing something to protect my interests and privacy. Somebody's had to reign these corporations in and the US government has shown no leadership in this area. Put it down to a failed experiment with a new business model and expect companies to adapt or fail. I won't cry if Google and Facebook fail and go the way of the likes of Yahoo Search and My Space.
*THIS*. People lose sight of the fact that EU law doesn't apply outside the EU. Outside the EU includes companies that have no presence in the EU.
That hysteria from some random mom and pop shop having their website visited by someone in the EU was just that: dumb hysteria. If you want to do actual business in the EU then comply with EU law. If you don't then you rightly have nothing to fear.
Well that's easy then pull out of all EU countries and find out who begs who back first.
Yeah, go back to California to sulk and leave a market of 500 million potential customers to your competitors that you have poured considerable efforts and money into making sure remain 3rd rate players with marginal market share so they won't threaten your monopoly. On what level does that seem like an intelligent plan to you? Google is about as likely to abandon the EU market as a pig is likely to voluntarily move out of a field of clover.
It means exactly what is says - that an IP address is not "personally identifiable information" (which, incidentally, is what the law says, too) except in very rare circumstances.
What you describe (linking an IP address and the data that come from it) is nonsense, because even if you have some data that you can connect to a dynamic IP, you cannot be certain that a second connection over that IP will be by the same person based on the IP number only.
Complaining about the GDPR without haven't even read the law produces a crock of badly written shit constructed by people who neither know nor care about what they're doing.
Theoretically, the EU can ask a foreign court to apply the fines if there are relevant treaties in place (the US does this quite often, sending extradition requests left and right, for example). In practice, yeah, it is irrelevant for practically everyone operating outside of the EU.
It's always ACs posting bulllshit about GDPR and claiming its protectionism.
This stinks of a disinformation campaign.
GDPR applies to everybody. It does not target foreign countries.
EU based companies are required to comply with data protection.
EU based companies are prosecuted for failing to comply with data protection.
US and other companies are also prosecuted for failing to comply with data protection.
To avoid prosecution under this law stop fucking break it.
To avoid prosecution for misusing consumer data, stop fucking abusing consumers.
The EU has been doing kangaroo courts
Where? When? Show us all where there's a fucking EU court that hasn't followed due process and has ruled against EU law.
If you look at europa.eu and court verdicts, they never clean their own house.
Nobody ever looks at europa.eu. As for court verdicts, most cases never even get to court. In the UK for instance, the ICO issues legally binding fines without needing to use courts, because the law is pretty fucking clear.
If Google were a German company, it could sell what it felt like, and never see the scrutiny of officials.
Given that Germany's first fine issued under GDPR was against a German company you're looking pretty fucking stupid.
The EU is just doing a very simple tactic. Xenophobia.
Consumer protection applied consistently across companies from anywhere on the planet - including the EU - is now xenophobia? Someone buy this cunt a dictionary.
The GDPR is just a trade war tool, because few European companies deal in data control
Almost every fucking European company deals in data control. Most businesses these days are IT companies with a sideline in manufacturing, retail or something less tangible.
it is crafted explicitly as a bill of attainder, which in more civilized countries is illegal
Just because your shitty business practices are made illegal by the law doesn't make it a bill of attainder. It only criminalises people that refuse to respect and protect the data they hold on others.
Stop being a cunt and you wont be breaking the law. Simples.
Theoretically, the EU can ask a foreign court to apply the fines
They can ask foreign courts a lot of things. In practice the only time this works is if courts determine if the fine is legitimate. In practice even the GDPR legislation recognises the difference between doing business in the EU and just having some random person visiting your site incidentally. I can directly buy something from someone outside the EU just fine and they still wouldn't necessarily need to comply with the GDPR.
Pulling out doesn't mean blocking access to all EU IP addresses. It means shutting down EU subsidiaries, at most. ISPs would then have to decide whether to block google.com or not, but, good luck with that, given how many third party websites load things from Google servers.
The idea that the EU market is so large the EU can pull whatever nonsense it likes is probably going to be tested severely in the coming years. It looks increasingly like a lawless place - GDPR is a classic example of a law that says nothing and everything simultaneously, in which enforcement is entirely political. But there are many other such laws. The idea that the EU is a fair and predictable place to do business is increasingly stressed, and there are plenty of ways to make money from people in it without needing to follow EU law, no more than everyone in Europe has to follow every aspecft of US law to sell products to it successfully.