The Irish Data Protection Commission has announced that they have launched a formal investigation of Google due to concerns over the way the company processes user location data.
The investigation has been opened after Ireland’s data protection watchdog received a series of complaints from consumer organisations related to the legality of Google’s processing of location data and the transparency of such processing.
“The Inquiry will set out to establish whether Google has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency,” a statement from the Irish data protection watchdog read.
In a separate case, the Irish DPA also announced on Tuesday (4 February) that it will probe the dating application Tinder, following concerns about third-party data processing and compliance with data subject rights’ requests. The authority has the power to issue hefty fines for breaches against the EU’s general data protection regulation.
The Irish data protection watchdog currently has 20 ongoing investigations into multinational tech firms, and the sheer volume of work related to the ongoing probes has led to privacy professionals on the continent to claim that the organisation is “overwhelmed.”
Speaking recently to The Irish Times, Germany’s data protection commissioner Ulrich Kelber said that “none of the cross-border cases under new data protection rules has been addressed,” because the Irish DPA is “insufficiently equipped for its task.”
“The colleagues clearly need better financing and more staff,” he said.
Google is still under investigation in Ireland over a probe commenced in May last year, which aimed to determine whether the company’s processing of data as part of its advertising practices violated EU privacy rules.
This followed the first fine issued by the French data protection authority CNIL under GDPR for a US tech giant earlier last year, with Google being hit with a €50 million fine for a lack of transparency and clear information on its data use policies.
One of the groups that had referred Google to the Irish DPA over data protection concerns, the EU consumer group BEUC, welcomed the announcement on Tuesday.
“Consumers should not be under commercial surveillance,” said Monique Goyens, director-general of BEUC. “They need authorities to defend them and to sanction those who break the law.”
The group also said that the initial complaint had been issued in November 2018. BEUC pressed the Irish DPA to follow up on the issue in November of last year.
For their part, Google said that it would assist the Irish Data Protection Commission in their ongoing investigation. “People should be able to understand and control how companies like Google use location data to provide services to them,” a Google spokesperson said. “We will cooperate fully with the office of the Data Protection Commission in its inquiry, and continue to work closely with regulators and consumer associations across Europe.”
[Edited by Zoran Radosavljevic]