Search giant Google is facing its first challenge relating to the GDPR policy after various consumer groups across seven different European countries filed complaints against the company’s location tracking software.
The European Consumer Organisation, of which the consumer groups are all members, has claimed that Google employs deceptive practices in relation to location tracking, stating that it does not give its users a choice about enabling or disabling it, and that the company does not correctly inform its users about what its tracking policies entail. It alleges that this therefore puts Google in breach of GDPR.
If these complaints are upheld, Google could be faced with a hefty fine.
The seven consumer groups come from Norway, the Netherlands, Greece, the Czech Republic, Slovenia, Poland and Sweden. They have issued their complaints to the necessary national data protection authorities in line with GDPR. The complaints have been triggered in light of a discovery that the search giant is able to track the location of a user even when the ‘Location History’ option is disabled. It was discovered that a second setting under ‘Web and App Activity’ also needs to be switched off in order to completely prevent GPS tracking, and this is switched on by default.
The European Consumer Organisation has claimed that Google has been using deceptive practices to get its users to keep both of these options enabled, and not fully informing the users of what keeping these options switched on means for them. Therefore, users are not able to freely give consent to Google.
In response to these complaints, Google has said that the Location History setting is disabled by default and has made it clear that switching the setting off does not prevent all location tracking capabilities. Furthermore, it has said that it will be reviewing the report to check if it contains any details and information it can take on board and learn from.
Google isn’t the only major tech firm to face a GDPR complaint. Earlier in the year, the Irish privacy commissioner stated that it was to investigate social media site Facebook over a security breach that had an effect on as many as 29 million accounts.
GDPR, which stands for General Data Protection Regulation, is a new legislation that came into effect in May this year. As it is still fairly new, it remains relatively untested in court, meaning that it is still unclear on exactly how strong the case being presented by the seven consumer groups will be. Should it prove to be successful, this means that Google could be liable to pay a fine equivalent of 4% of its global revenues, which could result in a $4bn penalty based on its financial results for 2017.