
Google accused of GDPR privacy violations by seven countries - _of
https://www.theverge.com/2018/11/27/18114111/google-location-tracking-gdpr-challenge-european-deceptive
======
tssva
The title of the submitted article is deceptive. No countries have accused
Google of GDPR violations. Consumer groups in 7 countries have submitted
complaints to their country's GDPR enforcement authorities.

The title of the Reuters article this is sourced from is more accurate,
"European consumer groups want regulators to act against Google tracking". The
article can be found at [https://www.reuters.com/article/us-eu-google-
privacy/europea...](https://www.reuters.com/article/us-eu-google-
privacy/european-consumer-groups-want-regulators-to-act-against-google-
tracking-idUSKCN1NW0BS)

~~~
hadrien01
It is a GDPR violation:

> In our opinion, the scale in which Google tracks the location of its users
> breaches the GDPR. Users have not given free, specific, informed and
> unambiguous consent to the collection and use of location data, particularly
> considering the scale of tracking going on, says Gro Mette Moen.

[https://www.forbrukerradet.no/side/google-manipulates-
users-...](https://www.forbrukerradet.no/side/google-manipulates-users-into-
constant-tracking/)

~~~
merb
it's only a violation IF the authorities think it's a violation. they decide
the fine, if any at all.

~~~
akvadrako
That's getting very philosophical. If a tree breaks a regulation in the forest
and no agency is around to issue a fine, was it a violation?

~~~
diffeomorphism
No it wasn't because "innocent until proven guilty" applies. At the moment
there only is an accusation of a violation.

~~~
ssalka
Maybe, but in this case there are millions (billions?) of people that can
attest to Google's practices.

~~~
skybrian
There are probably millions of people with negative opinions about Google. The
number of people who understand both Google's practices and the GDPR well
enough to write a complaint is probably a lot lower.

Most people just use Internet services to get things done, rather than
experimenting with them enough to know how they work. And they believe rumors.

~~~
acct1771
Don't worry, the story's worse than the Luddite rumors anyway.

------
pointillistic
Why are Europeans are so much ahead on USA on this? I can guess the reasons
but would like to hear what people think. Thanks.

~~~
superkuh
The EU countries (generally) believe in positive liberty where people believe
those they vote into power then have the right to tell people what to do for
the greater good of some ideology.

The USA (generally) believes in negative liberty which is based around the
individual being able to do whatever they want unless it actually harms
another person.

Both positive and negative liberty are valid views but generally positive
liberty leads towards trouble in the form of authoritarian issues.

~~~
goto11
In this case the authorities are telling _businesses_ what they can and cannot
do. GDPR denies business the right to track humans who have not consented
(i.e. the negative liberty to be free of unwanted tracking). So the real
question is whether you consider the liberties of business more important than
the liberties of humans.

~~~
hodwic
Businesses are just groups of humans. We in the US have constitutional
protections around freedom of association and assembly, of which a business is
but one example. We extend other constitutional rights to businesses, because
to remove them from businesses would be to remove them from the people
associating under those businesses, and would thus be a limit to free
assembly.

Also, we definitely do not have a constitutional right to privacy in the
public sphere for services that we elect to use.

~~~
Daishiman
This is completely invalid.

Courts and legislatures in the US regumate limits to corporate behavior in
ways that are the complete opposite to what you're saying.

~~~
hodwic
I'd be interested if you could provide some examples of regulation which would
be unconstitutional if applied to another form of free assembly which is
currently held constitutional when applied to a business.

~~~
Daishiman
Businesses have to comply with regulations in the form of record-keeping,
safeguarding medical data, determining the composition of its board of
directors, etc. HIPAA is not for individuals, neither is Sarbanes-Oxley.

~~~
friedman23
> HIPAA is not for individuals

It is. I don't even understand how it couldn't be unless you are trying to
state that doctors themselves are somehow not individuals.

~~~
maemilius
I think I can kinda see this argument, actually. The punishment for violating
HIPPA is not placed on the individual, it's placed on the company.

I work for a company that operates on HIPPA-protected data; if I leaked any of
that, I wouldn't face any legal punishment but the company I work for would be
on the hook for some seriously large fines.

~~~
dragonwriter
> The punishment for violating HIPPA is not placed on the individual, it's
> placed on the company.

Be careful believing that; it's true that direct liability under HIPAA is
almost exclusively for be covered entity as such, but individuals may be
criminally liable for HIPAA violations in two ways:

(1) Certain directors, officers, and employees may be liable under general
principles of corporate criminal liability, and

(2) Individual employees (and other inbividuals) not criminally liable under
(1) for direct HIPAA violations that have a role in it may be liable for
conspiracy or aiding and abetting (the latter of which has identical
punishment to the crime it relates to) related to the underlying crime
committed by the covered entity that is their employer.

So, yes, actually knowingly leaking PHI that subjects the company to
crimination penalties under HIPAA would likely also subject you to criminal
penalties tied to that HIPAA violation.

------
chopin
>As a new piece of legislation enacted in May, ...

It's in effect since 2016. I wish there was better research in these
articles...

~~~
hodwic
Signed into law in 2016. Most of the major provisions did not come into effect
until May 2018.

------
balibebas
If you're on Android it's possible to completely block the GPS daemon from
phoning home, usually to 1e100.net based on my observation. To do this you can
install an app called NetGuard from F-Droid and enable service blocking. This
app is non-root, and it uses a local VPN to provide an almost impenetrable
firewall. Google's GPS daemon hides itself under a process called "1021" block
that and enable notifications and see the connection attempts every few
minutes to 1e100.net getting blocked—you don't even need to have any Google
services enabled to see the connection attempts occurring.

------
ccnafr
Duplicate:
[https://news.ycombinator.com/item?id=18541650](https://news.ycombinator.com/item?id=18541650)

------
ForHackernews
Can any Googlers answer: Does turning off these "history" sliders actually
affect the data Google gathers from you? Or does it just mean that the
information is hidden from your own account view?

~~~
onetimemanytime
Judging by Google /FB modus operandi I doubt it, they'll collect all. Googlers
that _really_ know would probably not tell.

Looks like EU might put the brakes on a lot of this creepy crap. As much 4% of
revenue or close to $5 billion fine....$5 billion for this, $4b for
another...and all of the sudden we're talking real money.

~~~
mda
Any proof of your claims? By law, If they say they do not, they do not.

~~~
onetimemanytime
>> _Any proof of your claims?_

Google, FB, LinkedIn etc engage in super creepy procedures and suck as much
data as they can. Some to be used today and directly, other data to be used
indirectly...or just to be there just in case. Plus, if you read it again,
it's clear I was saying what I _believe_ it to be likely.

>> _By law, If they say they do not, they do not._

Ummm, no. Justice system isn't based on what the accused says. That's only
part of it, called (more or less) the defense. Others chime in too

~~~
mda
So zero proof just hand waving.

------
merb
to be fair, it's only a claim. not a case (yet). The national data protection
authorities can now actually look into it and maybe make fines for that.
however I guess proceeding could take a while.

