Iceman | The Cat Herder, Volume 2, Issue 3
|
A large fine arrived! Though it isn’t at all large when compared to the money Google rakes in from its social surveillance network.
😼
In other tantalising DNA-related news, we’re dying to find out how the special categories personal data of 1,500 people was reportedly accidentally transferred without the consent of the data subjects from a hospital in Ireland to the one entity in Ireland that has a commercial target of acquiring the special categories personal data of hundreds of thousands of people.
The first large fine under the GDPR has finally happened. The French supervisory authority, the CNIL, fined Google €50 million for failing to obtain valid consent for processing personal data (i.e. no legal basis) and failing to meet the transparency and information requirements of the GDPR.
The fine was issued following an investigation prompted by complaints made by Max Schrems’ noyb and French digital rights advocacy group La Quadrature du Net on behalf of individuals, 12,000 in the case of La Quadrature. Article 80 of the GDPR allows not for profit organisations to lodge complaints on behalf of individuals.
This is significant not for the amount of the fine (Google does ~$30 billion in revenue a quarter, €50 million to them is roughly equivalent to you being fined the amount of change down the back of your sofa) but what it means for Google’s business model. And by extension the business model of the rest of the adtech / martech / data-broking world.
It turns out that when these companies are forced to reveal even the bare minimum of what exactly they’re doing with people’s data (information and transparency) to those people, those same people almost inevitably turn out to be not so willing to consent to it. As was mentioned just a few days ago by Shoshana Zuboff in an op-ed in the Washington Post:
Google will, naturally, be appealing the fine.
More:
‘The CNIL’s restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC’, CNIL.fr
‘French data watchdog dishes out largest GDPR fine yet: Google ordered to hand over €50m’, The Register
Statement from La Quadrature du Net
In Ireland the Data Protection Commission announced they’ve opened another statutory inquiry into Twitter’s compliance with the GDPR. Article 33 this time which implies Twitter may have been somewhat tardy in informing the DPC about a personal data breach.
Two for the price of one this week. Facial recognition and period tracking.
The online craze for posting portrait photos from today and 10 years ago may seem harmless, but facial recognition software makes it sinister
More than 100 million women monitor their cycles on their phones. Here come the ads.
The European Commission adopted its adequacy decision on Japan. Personal data can now flow freely between Japan and the EU.
This will not be the case with a no-deal Brexit. There will not be an adequacy decision for the UK in that situation.
“user agreements that you sign when you first use these apps can be very vague about the way your user location data is really being used”, says Nicole Lindsey in ‘The Big Business of Location Data’. Indeed. Information and transparency, as above.
Runner’s World isn’t a publication we often read here at The Cat Herder but Riley Missel‘s story about Mark “Iceman” Fellows is a timely reminder that location data can be used in really unexpected ways.
“Mark Zuckerberg has written an op-ed, and I wish he had not.” Kara Swisher rewrites Zuckhole’s Wall Street Journal opinion piece.
—-
Endnotes & Credits
- The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
- As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
- The image used in the header is by Krystian Tambur on Unsplash.
- Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
- Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
Barring a disaster this newsletter will be in your inbox again next weekend. See you then.
If you know someone who might enjoy this newsletter do please forward it on to them.