Ireland's Data Protection Commission (DPC) has launched separate investigations into how Google and Tinder process and manage user data.
The DPC has received complaints across the EU in relation to how Google handles and processes location data, such as GPS datasets. The Irish watchdog, acting as Lead Supervisory Authority for Google, said on Tuesday that the investigation "relate[s] to the legality of Google's processing of location data and the transparency surrounding that processing."
The EU's General Data Protection Regulation (GDPR) came into effect on May 25, 2018, and under the new rules, companies that collect, store, and manage user information are held to strict standards and security requirements.
Irish regulators will seek to understand whether or not the tech giant -- with respect to Google Ireland Limited -- has a legal basis for processing user location data and whether or not these processes are transparent enough to satisfy GDPR.
Google told the Associated Press that the company "will cooperate fully" and "continue[s] to work closely with regulators and consumer associations across Europe."
The DPC has also launched an inquiry into MTCH Technology Services Limited, the parent company of mobile app dating service Tinder, in relation to how the firm processes the personal data of users.
According to the data regulator, a statutory inquiry will investigate how user data is processed, whether or not transparency requirements under GDPR have been met, and if MTCH is meeting its obligations when it comes to data subject requests and rights.
MTCH said the company will "fully cooperate" and "will continue to abide by GDPR and all applicable laws."
A study published in January by the Norwegian Consumer Council (NCC) suggested that Tinder, Grindr, OkCupid, and other dating services are gathering highly sensitive information from users -- including sexual preferences, precise locations, and online activity logs -- and handing over this information to third parties for the purpose of targeted advertising.
The NCC has filed complaints with local authorities, requesting investigations into these apps on local levels, as these apps may have breached GDPR requirements.
To date, data protection authorities (DPAs) acting under GDPR have issued 190 fines and penalties. Infringing data processing principles and lawful processing requirements have triggered most of the fines rather than cybersecurity failures.
Previous and related coverage
- GDPR: 160,000 data breaches reported already, so expect the big fines to follow
- Guess what? GDPR enforcement is on fire!
- GDPR: Only one in three businesses are compliant - here's what is holding them back
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0