Zapproved has been acquired by Exterro, the leader in Legal GRC.
Read more here

Zapproved

Ediscovery Software For Corporate Legal Teams

Search

How ediscovery professionals should respond to Google’s GDPR fine

by - Industry News

Google HQ

And so it begins.

Less than a year after the General Data Protection Regulation (GDPR) went into effect, the first major corporate penalty has been handed down. CNIL, France’s data-privacy regulatory authority, just fined Google €50 million — and most experts believe this is only the beginning of harsher enforcement actions to come.

The Fine Against Google

Google made two major mistakes, according to CNIL. First, it violated the GDPR’s requirement for transparency. Information about how and why Google collects personal data is “excessively disseminated across several documents,” rather than being in one easy-to-find location. Even when it’s compiled, Google’s descriptions of its “purposes [for] processing are described in a too generic and vague manner” to meet the GDPR’s mandates for clear, comprehensible information.

Second, Google failed to validly obtain consent to use that collected data. Any consent given was insufficiently informed, due in part to the non-transparency of Google’s disclosures. Nor was consent “opt-in,” as required by the GDPR. Additionally, the consent could not be “specific” to any particular service, since Google requires that a user “consent in full” to all of Google’s services in order to access any of them.

But the fine against Google is merely a warning shot. The maximum possible fine was more than $4.7 billion, making $57 million a drop in the bucket by comparison.

The Effect on Businesses

So far, most companies, especially in the U.S., have responded to the GDPR by making their consent forms and data-collection policies more visible but not necessarily more user friendly. Now, “companies large and small may be forced to change the way they collect and store personal information online.”

Bloomberg gloomily predicted that “the ruling [might] portend[] a broader crackdown on digital advertising,” in which obtaining user consent becomes so burdensome that digital ads become all but impossible to personalize within the law. Such over-regulation, in its view, discounts the possibility that “consumers think all the free and easily accessed services they get [through personalized ads] are a fair exchange for their anonymized data.”

Do This Next

How should corporate ediscovery professionals respond? Rather than waiting to see whether Google appeals — and what the court of public opinion ultimately decides — now is a great time to conduct a critical review of your online consent and data-use policies. Better yet, ask a friend or relative to read them and explain what they mean. If they can’t, or if they refuse to because it takes too long, you’d be wise to revise. Aim for something simple and straightforward enough that the average consumer can read and fully comprehend what data you’re collecting and how you’re going to use it.

Google may be well able to afford a multimillion-dollar fine, but how many businesses can say the same? The good news for smaller businesses is that European regulators seem to be starting their enforcement at the top. Don’t let those lessons be wasted on you.

4 Strategies to Advance Your In-House Legal Department

Let’s face it, being a corporate legal team in the year 2023 is no easy task. A lot has changed in recent years, and teams now rely on collaboration between legal, technical, and operational specialists. To advance in-house legal department strategy, today’s ediscovery teams must be multifaceted, integrating different considerations, roles, and technologies. But this […]

How Zapproved’s Automated Custodian Workflows Helps Corporate Legal Teams

Why Staying on Top of Legal Hold Custodians is so Important What’s the first thing you do when an active legal hold custodian is leaving your company? Do you find yourself scrambling to figure out what ediscovery actions need to be taken? Has the employee’s data been preserved? Where are the employee’s laptop and company […]

Two Ediscovery Best Practices for Information Governance

For most enterprises, managing data is like herding billions of very active cats. As corporations moved from paper to digital data (but still retained mountains of paper files), the sprawl initially shocked and disoriented those responsible for knowing where the data was kept.  Fast forward to now, and the shock has worn off. That is […]

Zapproved is Now an Exterro Company!

Legal GRC Platform Exterro Announces Acquisition Of E-Discovery Provider Zapproved Combination of Zapproved’s Industry-Leading Customer Service and Exterro’s Award-Winning Legal GRC Platform Will Enable Organizations to Better Manage the Complex Interconnections of E-discovery, Privacy, Legal Operations, Digital Investigations, Cybersecurity Response, and Information Governance. PORTLAND, Oregon – Jan. 19, 2023 – Exterro, a leading provider of […]