Browser minnow Brave nips at Google with GDPR complaint Browser-flinger Brave's chief privacy and industrial relations officer, Dr Johnny Ryan, has has complained to the Data Protection Commission of Ireland, with copies to other European data protection commissions, to complain of claimed breaches of the EU's General Data Protection Regulation (GDPR) by Google. A complaint on …
Mr Ryan has a point. The policies are hopelessly vague and meaningless, and would appear to allow essentially anything.
Question: In the US, Google has obtained user's healthcare data without asking for or obtaining the user's consent.
What, if any, Google policy covers the use of that data? Will Europe's GDPR allow Google to obtain that kind of data in those countries?
GDPR would mean that Google couldn't get the data in the first place, without the user's consent and explicitly defining what it will be used for and for how long they will keep it (the law says the minimum amount of time required to carry out the tasks defined in the privacy policy).
This actually seems to be the norm, even for (relatively) small companies. We're conducting research into privacy notice standards, and so far the results are extremely depressing.
Practically speaking, it's impossible for a data subject to raise an objection based on the information in a typical "privacy policy" and a high percentage require the data subject to "agree" to them, thereby superimposing an unlawful version of "consent" on top of all other lawful bases fro processing declared. However, at least in the UK, the regulator doesn't seem particularly concerned. Indeed, when last examined the ICO specimen privacy notice for small businesses itself had some of the faults we've identified.
Two key points seem to have been missed by all and sundry:
[1] the GDPR is not data law - it's human rights law
[2] a privacy notice is not a contract with the data subject - it's a statutory unilateral and binding undertaking by the data controller to the data subject
“These repeated allegations from a commercial competitor don't stand up to serious scrutiny."
I think you’ll find the allegations stand up to any kind is scrutiny. Googlies is and has been taking the piss for many years. Just why the EU didn’t slap a massive GDPR penalty on them as soon as GDPR became law is unfathamable. Same goes for faecesbook (obvs).
And, as a side note, Googlies always answer these “allegations” (aka facts) by pointing out that users can change the settings in their accounts. But this does absolutely nothing to address the issue of them stalking people who do not have and have no wish to have any kind of account with them.
Yup. I've finally come to the conclusion I'm mad as hell and I'm not gonna take it any more. I've moved my business and personal email to Tutanota (much as it pains me, because GMail is actually more usable as it stands, though I'm hoping threaded conversations will come to Tutanota some day), I've stripped Google Analytics from my website (I decided it was hypocritical to block it myself while subjecting others to it), and I'm now looking for a usable, transparent, and effective replacement for reCAPTCHA v3 for my contact form (damn them for making it so good) - suggestions welcome.
Absolutely. Claiming that millions are checking their permissions means diddly-squat when your user base is measured in billions.
Besides, if you pre-empted GDPR and configured yourself to actually respect privacy first, then nobody would need to check their permissions because you would be waiting on them to grant you permission to their data.
If that ever happens, I'll bet my shirt that Google will be using popups and popunders to get people to give them permission to use their data.
But, since it'll never happen, I'll just keep on dreaming.
I'm willing to bet that a lot of those people aren't there because they want to review or change their security settings. With a number that high, I'm guessing it's people working with two-factor authentication, either trying to add a device, delete an old one, or turn the feature on or off. Of course, Google doesn't realize that, if the settings don't really let you do much, it doesn't help people to have them available.
Hi AC,
Gary from Google here. Glad you posted from Chrome. Just a gentle reminder that we know where you live. And it would be a shame if something happened to that nice new bike you bought. Oh, and the kids’ Android phones show their route to school as well, which is all part of the value of our offering I’ll think you’ll agree.
Anyway, just wanted to ask you to dial down the cynicism and negativity a little - not what the world needs right now, eh?
Sure we understand each other. Mind how you go.
Google sent Ryan an email stating: "We do not agree with your assertions regarding the alleged inadequacy of the Google privacy policy and Google privacy practices generally, and reserve our position accordingly."
I'm reminded of the great prophet M'andee-rice Davies.
Dear Register please set an example and refuse to use a quote unless the person is willing to allow their name to be used.
That way the spokes person is less likely to lie and more likely to say something interesting. Also unless they are a subject matter expert insist on the name of the person that provided them the answer and their credentials
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
