Legal Area: Ireland’s Data Protection Commission (DPC) opens investigation into Google.

Key-words: privacy - GDPR - Google - Ireland’s DPC

A few days before the first anniversary of GDPR (which came into effect on 25th May 2018) the Irish Data Protection Commission announced that ‘a statutory inquiry pursuant to section 110 of the GDPR has been commenced in respect of Google Ireland Ltd’s processing of personal data in the context of its online Ad Exchange’. The investigation being carried out by Google’s lead authority under the GDPR occurs after that the US tech-giant has already been fined 50 million Euros by the French Authority earlier this year. The suspected infringement concerns Google’s processing of data in advertising transactions and especially its DoubleClick/Authorized Buyers system, a system installed on over 8.4 million websites that collects personal data about every single visitor and broadcast them to thousands of potential advertisers to solicit their bids for the opportunity to show an ad to that specific user. This practice may be found to be contrary to the EU privacy laws that require that personal data be tightly controlled and individuals be adequately informed about what will happen to their data (Art. 5, GDPR), and if so, according to the Article 58 GDPR, Irish DPC may impose on Google even a definitive ban on processing data in ad transactions, in addition to an administrative fine of up to 2% of its total worldwide annual turnover (that may rise to 4% in case of non-compliance with the order of the supervisory authority).


Source: Ireland’s Data Protection Commission (DPC)



To read the PDF click here.