A record fine of almost $57 million has been levied upon Google after French regulators determined that the company violated the EU’s tough data privacy laws.
A report on Googles’ predicament was published by Bloomberg:
In its ruling, the regulator alleged that Google fails to adequately explain how it collects data to offer personalized advertising. Some information is “excessively disseminated” across different documents. Some requires more than one click to find. Some consent boxes are pre-ticked, thereby discouraging careful study. In sum, a user’s consent — even when freely given — is insufficiently “specific” and “unambiguous.”
The author continues with his own commentary:
If all this sounds ridiculous, welcome to the General Data Protection Regulation, or GDPR. Put aside for now that these rules are all but impossible to fully comply with. Ignore, too, that they’re impeding innovation, harming small businesses, inhibiting growth, imposing needless costs, annoying consumers and accomplishing nothing. Instead, ask what the regulators are actually trying to do. There are two plausible answers.
One is that they merely want to make an example of Google, as opposed to announcing that crushing fines are on the way for every company that can’t adequately comply with the GDPR. That might minimize the damage. But it would also suggest that Europe intends to wield these rules — as it does so many others — to punish Silicon Valley giants and protect local rivals.
Another possibility is that the ruling portends a broader crackdown on digital advertising. Companies collect so much personal information not out of prurience but to reach the customers most likely to buy their products. To do so, firms constantly mix and match data to find correlations and make inferences. Demanding that they stop at each step to once again get users’ consent — as this ruling implies they must — could make their services difficult or impossible to use.
