Internet search engine giant Google is the first tech company to face the wrath of EU regulators, having been fined £44-million (€50 million) for breaching the General Data Protection Regulation (GDPR) in France.
But although the amount – which is still below the maximum fine allowed under GDPR (€20-million or 4 percent of global turnover) – is not insignificant, it is the implications for other players in the tech space that is perhaps the bigger news.
Google were fined in response to an investigation conducted by French regulator CNIL and premised on complaints relating to how the company handled personal data. But data experts have warned that this may just be the tip of the iceberg, with other multinationals such as Facebook, Amazon and Twitter which use audience data to target advertising also at risk of being in breach of GDPR.
According to The Independent, there have been numerous complaints against the likes of Apple, Amazon, Netflix and Spotify, in which the accusation is that the companies are in breach of Article 15 of the GDPR which requires them to respond to private citizen's data requests.
Cloud data company Talend estimates that 74% of UK-based companies have failed to acknowledge similar requests – a situation that senior director at Talend describes as “embarrassing'.
What does this mean going forward?
In simple terms it means that there needs to be a revision of the tech model driving targeted advertising, with improvements in anonymising data sufficiently so as to protect consumers, a significant improvement in response times for customer requests for data to be supplied to them, and better compliance on opt-in mechanisms across multiple forms or mechanisms.
"The penalty imposed on Google by the French regulator can be seen as a warning shot at the digital industry at large," said Ron Moscona, a partner at international law firm Dorsey & Whitney who focuses on privacy rights.
For any queries around your website's GDPR compliance contact Realnet today on 01223 550 800, or contact us here.