May 25, 2018 was an important date in terms of privacy and personal data protection, in fact the General Data Protection Regulation (GDPR) came into force. The text addresses a hot topic, namely, strengthening the protection of personal data of citizens and residents of the European Union. An important section of the text addresses a rather common problem these days, namely the export and management of personal data outside the European Union, effectively forcing all companies with registered offices outside the EU borders (and their data controllers) to comply with the requirements. The entry into force of the GDPR has, of course, entailed a number of costs and obligations on the part of companies that had to comply, and it was considered by most, at least in its early stages, to be a simple and unnecessary regulatory compliance. The reality of things is quite different, and demonstrating that the regulation is getting into gear (albeit slowly) is the Google case, which involved the French Guarantor and the well-known California company. It all started with “La Quadrature du Net” and “None Of Your Business,” two digital rights associations that reported a number of GDPR-related issues in the Android operating system to the CNIL (the French Data Protection Authority body). The result was that in January last year the CNIL sanctioned Google for the opaque policy and privacy management system built into the operating system, which required users to accept the terms of the privacy policy as part of the general terms of use. Failure to accept in fact would not have allowed the use of the operating system and consequently the device on which it was installed. Since then a lot of water has passed under the bridge, terms have been corrected and a long legal battle has ensued involving both Google LCC and its subsidiary Google Ireland Limited, which, according to the California giant, was the incumbent for handling personal data within the European Union. In late June, the French Council of State rejected Google’s appeal and upheld the fine of as much as 50 million euros for the California giant. Without going into the details of the legal events that have marked this querelle, the Council of State’s decision is a strong signal sent to the giants of the online world, a heavy (moreover costly) underlining of the principle of transparency, which requires holders to inform users about the way personal data are processed in simple and clear language. This is obviously a borderline case, but one that makes us realize how much, GDPR regulation is becoming increasingly important. This is also true for public bodies and small companies that must consider it essential to properly comply with the European regulations. Also in this case, thanks to the HyperGDPR consulting service, Hypergrid experts are able to provide comprehensive advice for the correct adaptation to the current GDPR regulations, to be highlighted that the consulting is based on the integration between IT operators who are experts in the subject and a law firm of qualified professionals.
For more information and consultation, contact us at info@hypergrid.it
Devi effettuare l'accesso per postare un commento.