The General Data Protection Regulations (GDPR) implemented by the European Union in May last year to protect the privacy of citizens of the European Union. On the first day of GDPR implementation, Google was immediately reported and allegedly violating the relevant regulations. After several months of investigation, there are finally results today. Google was found guilty of violating the rules and paying a fine of 50 million euros (about 450 million Hong Kong dollars).
The ruling points out that when users want to get personal information in Google, they often need to go through multiple steps to get it. In addition, there are many services involved, which makes the information lack transparency and integrity.
Also, although Google will get user consent before getting personal information, there are two serious problems. The first is that the “ads personalization” function is enabled in default, and the GDPR column name, functions related to personal data must be clearly understood by user, and need to be enabled by user. The second is that Google’s descriptions when asking permissions is too vague and lacks the “specificity” required by GDPR.
This is the first GDPR judgment made on a large US company, and how much impact it will have on other companies remains unknown.