Google allegedly violated GDPR: billion-dollar fine on the way?

A consumer association present in seven European countries has sued Google in court for violating the GDPR. Here's what Big G risks

Google again under indictment, again for privacy issues: this time to point the finger at the online search giant is the Bureau Européen des Unions de Consommateurs (BEUC), a kind of lobby of consumer rights associations from seven European countries.

The stone of the scandal, in this case, is the tracking of the movements of millions of users without having their explicit consent. In particular, to be under accusation, is the history of positions detected by Google through GPS and the steps between the various cells of the mobile network of smartphones. All data that the Mountain View giant has used over time, without explicit consent of users, to obtain useful information about their movements, their habits and the places they visit most often. This would have led to a GDPR violation that could cost the California-based company dearly.

How Google's GPS tracking works

You know when you go to a place, or just pass by it, and after some time Google asks you to review a business that is located in that area? Well, this is due to the fact that Google records our movements in a special history and knows very well where we have been in each day of the year. To this behavior of Google, the BEUC has dedicated an in-depth report entitled "Every Step You Take", as it considers it a violation of the new European regulation on privacy, the now famous GDPR. "These practices do not comply with the General Data Protection Regulation, as Google does not have a valid legal basis for processing the data in question," the report says. In particular, the report shows that the user consent provided in these circumstances is not freely given," according to BEUC.

Why Google could be guilty of violating the GPDR

The missing legal basis is explicit user consent: Google asks for generic authorization for location tracking in order to use the data for a variety of purposes: from improving the service offered to profiling user behavior for advertising purposes. If Google knows the route we take every day to go to work, for example, it can warn us before leaving of a possible accident along the way and, consequently, invite us to take a different route so as not to waste time. But with the same data it can also know if we often go to the cinema and never to the bookstore and send us more advertising on upcoming films and less on books. With the same system, however, Google can also know if we go to church every Sunday (and thus know our religion) or if we sometimes go to a red light club (and thus know our sexual tastes). Hence, according to BEUC, the huge privacy problem.

Google's response

Google, of course, doesn't stand for it and responds that it hasn't violated either user privacy or any part of the GDPR directive at all: "Location history is turned off by default and you can edit, delete or pause it at any time. If it's on, it helps improve services such as predicted traffic during your commute." However, it's Google itself that also admits that " If you turn off history depending on your phone and app settings, we may still collect and use location data to improve your Google experience."

What Google risks

All of this could cost Google dearly: GDPR regulations, in fact, provide for fines of up to 4% of revenues for serious privacy violations. And 4% of Google's revenue is a six-figure sum. "We're going to read this report carefully to see if there are things we can consider," the company said.