If the goal of the GDPR is to protect the privacy of individuals, companies like Google can easily turn compliance into a competitive advantage.
It is true that the European Union has been trying for several years to fight against the arbitrariness of GAFA companies that develop their activity against the privacy of individuals. Indeed, the EU has addressed the regulation of the processing of personal data by strengthening the responsibility of entities and companies. What remains to be seen, in view of the application of the new European data protection regulation, is to what extent web companies will comply with the new European requirements.
It should be noted that the new regulation is likely to present a unique opportunity for GAFA companies. Indeed, it is very likely that instead of restricting their business activity, the adoption of new rules could witness the reinvention of the customer relationship. It is indisputable that Google has all the necessary means to build new trust capital. A legally secure environment will attract the major players in the industry. On the other hand, small companies will find it difficult to finalise their compliance by running the risk of being penalised and, by extension, losing the trust of their customers.
Google is making progress on its compliance.
1. Right to data portability
First of all, Google has just launched a new project, entitled “Data Transfer Project”, in order to respect the new right to the portability of personal data. This right enables the data subject to recover data concerning him or her, processed by an organisation, for his or her personal use and to transfer such data from one organisation to another. In this way, the control of the persons concerned over their personal data will be strengthened.
2. Right to be forgotten
Via the “My Activity” section, Internet users can easily activate or deactivate their history. More precisely, users can search on the history of their navigation or delete the data they wish to see disappear. In this way, users will be able to exercise the right to be forgotten, which provides that every person has the right to obtain from the controller the erasure, as soon as possible, of personal data concerning him or her.
In addition, Google tells users why each registration was made by explaining, for example, that “Your history in Chrome is only saved if you are logged into your Google Account and have enabled Chrome synchronization.
3. Non-targeted ads
The privacy of Internet users has always been in a conflictual relationship with targeted advertising. Nevertheless, Google announces for the first time the possibility of choosing the option of broadcasting non-personalized ads: “You can also disable ads based on your interests or your information” it says. This is one of the most delicate changes in view of the GDPR, given that the company’s business model relies essentially on custom advertising.
Google explains very clearly in one of its videos how and why ads are personalized while giving the user the ability to no longer receive targeted ads. Indeed, Google will allow “zero tracking”, namely, it will allow Internet users to browse freely without their personal data being collected (IP address, search history etc.).
In addition, it should be recalled that the collection of user consent is a major point in the GDPR text. In this respect, Google requires that data of individuals can only be collected if web publishers collect their explicit consent. It undertakes to ensure that consent always constitutes an expression of free, informed and unambiguous will.
Finally, Google gives parents the ability to control their children’s Internet use (those under 13) by setting some basic digital rules. More specifically, the “Family Link” application will allow parents to manage the applications the child wishes to download from Google Play, monitor the time spent in front of the screen, or even lock their device at bedtime.