Google is heavily fined by the EU for privacy issues

On January 24th, Google filed an appeal against a recent 50 million euro (approximately $57 million) ticket issued by the French Privacy Authority (CNIL) under the General Data Protection Regulations (GDPR). This is the largest amount of punishment since the GDPR came into effect in May 2018.

According to the requirements of GDPR, the company must obtain the user's “true consent” before collecting the user information. This indicates that the consent decision made by the user must be based on a clear selection process, and it is also easy to withdraw the “true consent”. CNIL said that Google did not get the user's consent before processing the data. Instead, people basically don't know that they have agreed to share the data, and they don't know how Google plans to use it. These violations have not been corrected by Google.

In response to this decision, a Google spokesperson said: "Based on regulatory guidance and user experience testing, we have been working hard to design a GDPR-compliant process for personalized advertising, ensuring transparency and directness as much as possible, and we are concerned that this ruling is for Europe and For publishers, original content creators, and technology companies in other regions, for these reasons, we are currently deciding to appeal."

$57 million or just the beginning

This highlights that technology companies are on the Internet, and connectivity comes at a price—user privacy data. Just as Larry Page and Sergey Brin launched Google in 1998, they knew that everything that people do with the Internet leaves a bunch of data.

The data has made it possible to monitor Google around the world today, and it has also stood on the opposite side of the world.

In October 2018, Google’s social network Google+ was exposed to a security breach. This vulnerability has revealed private data of up to 500,000 users since 2015, and Google discovered the vulnerability in March 2018, but Avoid loss and hide this from the user. The data includes Google+ users’ names, emails, ages, genders, and occupations, and about 438 apps have access to the data.

In December, Google+ again exposed another vulnerability, resulting in a series of data leaks in the name, occupation and age of 52.5 million Google+ users. This time Google waited for nearly a month to notify users.

Google’s “excessive hunger” on user data caused market turmoil, and Google’s parent company, Alphabet, plummeted. Public dissatisfaction and legal sanctions are directed at Google, and Google decided to close the consumer version of Google+ in August 2019.

However, it is unremarkable that it is difficult for ordinary users to “trial” technology giants such as Google and Facebook, as the report released by Vanderbilt University: “unless the user throws the phone into the river. , disconnect the Internet or re-learn to read the paper map, otherwise it will not stop Google from collecting user data."

Fortunately, in the face of data ubiquitous data collection, the modern public is paying more and more attention to privacy issues, and legislators are also establishing regulations on these issues. Apple CEO Tim Cook believes that data privacy is a human right. “We must admit that when the free market does not work, there will inevitably be some degree of regulation.”

With the establishment of GDPR, Europe has become the world's most stringent technology regulator, and the eyes of the world are staring at the technology giants who violate GDPR. For the average consumer, this is also a check and balance of the growing power of technology companies.

The ticket issued by CNIL in France may be just the beginning, and Google will not "work alone" for too long.

Global control is tightening, severe punishment is still going on

The experience of Europe is being closely watched and drawn by policy makers from all over the world. The policy storm of global data protection is gaining momentum:

In June 2018, the California Consumer Privacy Protection Act (CCPA) was officially promulgated;

In July, the Indian government introduced the draft Personal Data Protection Act of 2018;

In September, at the Standing Committee of the 13th National People's Congress, the "Personality Rights Compilation" system in the drafts of the Civil Code stipulated the protection of privacy and personal information, which made it possible to be included in the 13th Five-Year Plan. The issue of mutual positioning and interrelationship between the Protection Law and the Data Security Law has become more urgent;

In November, Australia and Taiwan joined the Asia-Pacific Cross-Border Privacy Rules Mechanism (CBPRs);

In December, the Australian government, through the controversial Encryption Act, mandated that technology companies provide three levels of “assistance” when accessing encrypted information.

On January 21, 2019, the Japanese Ministry of Communications issued a draft. According to the draft, multinational technology companies such as Google, Apple, Facebook and Amazon must be stationed in Japan and prohibited from viewing without the user's consent. Or disclose communications such as emails.

In addition, consumer organizations in seven countries including the Netherlands, Poland, the Czech Republic, Greece, Norway, Slovenia and Sweden have filed complaints with their national data protection authorities on data privacy issues in the past three months. Many countries, including the United Kingdom, France, and Germany, have also announced that they will strengthen their control by levying a “digital tax” on multinational technology companies.

The above content has slashed the year of data privacy in the past year. It not only reflects the data-centric social life of the past few years, but also sees the new trend of data protection in the future. As a guardian of data protection in the European Union, Giovanni Buttarelli said: "Punishment is universal and we hope that there will be no offenders in the future."