Tag: Google
21. March 2019
On Wednesday Google was fined 1.49 billion euros by the European Commission in connection with hindering competitors in the online advertising business.
The accusation is that Google has illegally made use of its market dominance.The company inflicted a number of exclusivity clauses in contracts with third-party websites which prevented the company’s competitors from positioning their search adverts on these websites. This concerns a small area in Google’s “advertising machinery”. But still, as a result, other advertisers and website owners “had less choice and likely faced higher prices that would be passed on to consumers,” claimed the EU’s competition commissioner, Margrethe Vestager.
In the last two years, this represents the third time that Europe’s antitrust regulators, lead by Danish competition commissioner Margarethe Vestagers, fined the tech company. Google has appealed against the two previous fines. The first fine (2.42 billions euros) was for manipulating online shopping results and directing visitors to its comparison-shopping service at the expense of its contestants. The second one amounting to 4.34 billion euros concerned mobilephone producers that were forced to use Google’s Android operating system to install the company’s search and browser apps.
20. March 2019
The website Cookiebot recently published a report of its “Ad Tech Surveillance on the Public Sector Web”. They used their scanning technology to analyse tracking across official government websites and public health service websites in all 28 European Union member states. More than 100 advertising technology companies track EU citizens who visit those public sector websites by gaining access through free third-party services such as video plug-ins and social sharing buttons.
Said ad trackers were found on 25 out of the 28 official government websites in the EU. Only the Dutch, German and the Spanish websites had no commercial trackers. Most of them were found on the French website (52 trackers) followed by the Latvian website (27 trackers).
Cookiebot also investigated the tracking on Public Health Service Sites and found out that 52% of landing pages with health information contained ad trackers. The worst ranked one was the Irish health service with 73% of landing pages containing trackers. The lowest ranked country – Germany – still hat one third of its landing pages held trackers.
Those trackers got in via free third-party website plugins. For example, Ireland’s public health service (Health Service Executive (HSE)) installed the sharing tool ShareThis, which is like a Trojan horse that releases more than 20 ad tech companies into every Website it’s installed on.
Most of the tracking tools are controlled by Google. It controls the top three domains found and therefore tracks the visits to 82% of the main government websites of the EU. A complete list of all the trackers can be find in the published report.
25. January 2019
On 21st of January 2019, the French Data Protection Authority CNIL imposed a fine of € 50 Million on Google for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.
On 25th and 28th of May 2018, CNIL received complaints from the associations None of Your Business (“NOYB”) and La Quadrature du Net (“LQDN”). The associations accused Google of not having a valid legal basis to process the personal data of the users of its services.
CNIL carried out online inspections in September 2018, analysing a user’s browsing pattern and the documents he could access.
The committee first noted that the information provided by Google is not easily accessible to a user. Essential information, such as the data processing purposes, the data storage periods or the categories of personal data used for the ads personalization, are spread across multiple documents. The user receives relevant information only after carrying out several steps, sometimes up to six are required. According to this, the scheme selected by Google is not compatible with the General Data Protection Regulation (GDPR). In addition, the committee noted that some information was unclear and not comprehensive. It does not allow the user to fully understand the extent of the processing done by Google. Moreover, the purposes of the processing are described too generally and vaguely, as are the categories of data processed for these purposes. Finally, the user is not informed about the storage periods of some data.
Google has stated that it always seeks the consent of users, in particular for the processing of data to personalise advertisements. However, CNIL declared that the consent was not valid. On the one hand, the consent was based on insufficient information. On the other hand, the consent obtained was neither specific nor unambiguous, as the user gives his or her consent for all the processing operations purposes at once, although the GDPR provides that the consent has to be given specifically for each purpose.
This is the first time CNIL has imposed a penalty under the GDPR. The authority justified the amount of the fine with the gravity of the violations against the essential principles of the GDPR: transparency, information and consent. Furthermore, the infringement was not a one-off, time-limited incident, but a continuous breach of the Regulation. In this regard, according to CNIL, the application of the new GDPR sanction limits is appropriate.
Update: Meanwhile, Google has appealed, due to this a court must decide on the fine in the near future.
19. December 2018
As it is widely known these days, the General Data Protection Regulation (GDPR) came into force earlier this year to standardize data protection regulation in the EU. This has now lead to the fact that Google will update the company’s terms of service and privacy policy to be compliant with the GDPR.
The company started to notify the countries in the European Economic Area (EEA) and Switzerland in regard to some upcoming changes. They will come into effect on January 22, 2019.
The most important update, also legally, is the change of the data controller. The Google Ireland Limited will become the so called “data controller” who is responsible for the information of European and Swiss users . Therefore, Google Ireland Limited will be in charge to respond to request from users and to ensure compliance with the GDPR. At present, these services are provided by Google LLC, based in the U.S.
For website operators this means that they might also have to adapt their privacy policy accordingly. This is the case, for example, if Google Analytics is used.
Furthermore, there are no changes in regard to the current settings and services.
30. October 2017
Google released its Advanced Protection Program. The program is meant to make stealing passwords pointless. With help of two inexpensive physical keys it is possible to log in into the Google account on computer and smartphone.
Because of this two-factor authentication the account is secured. Even if the password is stolen in a data breach or successfully phished, the hackers cannot login, because they don’t have the keys as well. The minimal and cost effective effort has a big impact.
Google’s development of a two-factor authentication relies on a Chinese hacker attack in 2010. Since then Google’s motto is “Never ever”.
Addressees of the Program are according to Google people who have a high risk of online attacks, like journalists, victims of stalking and dissidents inside authoritarian countries. The idea of the program is to provide people with a physical device that is harder to steal than a text message or other two-factor authentication tools.
Except these people with a high risk, anyone with a Google account can sign up for the security program. Google has an Advanced Protection webpage for the sign up. In addition to the Advanced Protection Program to be able to use two physical keys are necessary. Each one costs about $20.
28. March 2017
In consequence of the Westminster Bridge attack in London, Home Secretary Amber Rudd announced that she wants to meet several tech giants in order to make sure law enforcement is able to access encrypted data for terrorism investigation.
The topic came up as the attacker reportedly used the messaging application WhatsApp shortly before his attack began. As WhatsApp uses end-to-end encryption, neither law enforcement nor WhatsApp itself can read messages. The same applies to Apple’s iMessage. While Rudd did not want to make public which tech companies she will meet in detail, Google confirmed that it will be meeting the UK government.
“We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate with each other,“ Rudd said. Labour leader Jeremy Corbin, however, stated that law enforcement already had enough powers and that there needed to be a balance between the right to know and the right to privacy.
In the meantime, Microsoft confirmed that it had provided email information relating to the Westminster Bridge attack to the British authorities after it had received lawful orders.
24. March 2017
On the 22nd of March 2017 Google Maps, came up with a real time sharing location (the newest “share location” option), which now gives its users an opportunity of sharing their whereabouts with each other. It`s range is said to be from 15 minutes till around three days.
Since now on your friends can follow your location (if you will make it visible for them), for example when you attempt to navigate the city’s bus system or while you are stuck in traffic. Its aim is to make the social life like meetings and hang-outs easier by giving your friend an updated information on your localization.
Furthermore, via this new option, it is also possible to create itineraries, see the most popular local businesses hours, track parking spots or special traffic-destroying events around the area.
All of these facilities have their price to be paid though. Namely, if you will activate this option Google is going to get all the information about your daily habits and rituals (on what you are doing, when, where and which is your favorite coffee shop), which could later be sold for instance to advertisers.
However, Erik Gordon, a student of the University of Michigan’s Ross School of Business´ (entrepreneurship and strategy) says: “If you can couch it in social, it’s your friends that can track you—not that Big Brother can track you, not that an ad server can track you, not that Travis Kalanick can track you”.
Google itself stresses the interface makes it clear that the option to share will be entirely and only in the hands of the individual users when it comes to sharing locations.
14. February 2017
Last week Google contacted millions of app developers informing them about their apps’ violation of Google’s User Data policy.
According to this policy, apps which handle personal or sensitive user data must post a privacy policy in the designated field in the Play Developer Console, as well as within the app itself and handle the user data securely, for example by using cryptography for transmitting them.
Millions of apps handling with personal data do not have a privacy policy and thus do not contribute to providing a clear and transparent experience for Play Store users. Google set a time limit of 5 weeks, until March 15 this year for the apps to comply with the User Data policy. Either the developers shall include a link to a valid privacy policy or remove any requests for sensitive permissions or user data. Otherwise Google might limit the visibility of those apps or even remove them from its Google Play Store.
9. February 2017
Lately, Google has lost a court case (in Philadelphia) on e-mail data storage on foreign server, so that, according to the judgement, from now on the data should be sent to the US FBI security service.
The Court diverges from the existing case-law since, in a recent case, Microsoft has successfully denied the publication of data stored on servers in the European Union, and referred to the legal requirements in the EU.
As a reason for Google’s publishing obligation, the judge argued that Google is constantly copying data between its data centers, so that it should be only needed a further transfer of the data requested by the FBI to the US, in order for the FBI to access it. Although this could be a violation of the rights of the user, this violation would take place in the USA and because of that again covered by the law. According to the court, the data transfer therefore does not represent any access to foreign data anyway.
Following the proclamation of the judgment, Google has already commented on the procedure and announced to appeal against the decision, and continue to oppose to all official demands that go too far. Google has also explained that data is distributed on the servers around the world for technical reasons and in some cases it is not at all clear where the data is being stored. The verdict shows that each year Google receives from the US investigators somewhat 25,000 information requests.
13. December 2016
Peter Fleischer, a global privacy counsel, raised the question: „Should the balance between the right to free expression and the right to privacy be struck by each country?“
In basic terms, the right-to-be-forgotten is a right of every European citizen to demand the erasure of certain links from the internet. However, this can also be seen as cencorship and rewriting history, which is why there is a neverending debate upon this topic.
The French Data Protection Authority, CNIL, has demanded an ultimate right-to-be-forgotten, which would mean that French data could be demanded to be removed, for example from Google search, from all over the world.
The problem which might occur is that also non-democratic countries have to follow this rule in theory. One might argue that the internet can be seen as as an independent source of infromation that is now being endangered.
Google disagrees with the idea that the right-to-be-forgotten should also be applied upon the countries outside the Europe.
Google’s only confirmation is that it is acting in accordance with the local laws as well as within the standards set by the European Court. What is more, Google makes a promise to remove the respective links from all European Google versions simultaneously.
Nevertheless, it has also beeen pointed out that one still could have found a link on the non-European version of Google.
As a feedback Google has delisted links as well on Google.com, Google.co.kr and Google.com.mx.
