About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

1 1 (February 22, 2019)

handle is hein.crs/govzbt0001 and id is 1 raw text is: Google Fined for Violation of EU Data Protection Law February 22, 2019 In a decision testing what it means to give informed consent to online data collection, a French regulatory body recently fined Google LLC (Google) 50 million euro (approximately 56 million U.S. dollars)- the largest fine issued to date for violating the European Union's (EU's) General Data Protection Regulation (GDPR). Discussed in this CRS In Focus, the GDPR is an EU law that provides rules for protection of personal data throughout the 28-member European Union. The French data protection authority-the Commission Nationale de l'informatique et des Libertes (CNIL)-concluded that Google's lack of transparency and failure to obtain valid consent from Android phone users violated the GDPR. Although the fine arose under EU law (and Google has announced plans to appeal it), the decision could offer lessons for recent congressional efforts to craft more comprehensive federal data privacy policy. What is the GDPR? In effect since May 2019, the GDPR provides data protection rules in several interrelated areas: data privacy (i.e., how companies and organizations collect, use, and disseminate personal data), data security (i.e., how companies guard against and respond to data breaches), and cross-border data flows (i.e., when companies are permitted to transfer personal data within and outside of the EU). In terms of data privacy, which Google's fine concerned, the GDPR is more comprehensive than U.S. federal law. Whereas federal data privacy law involves a patchwork of separate laws covering different issues and sectors of the economy (discussed in this Legal Sidebar), the GDPR creates a single, unified data privacy regime. Unless an exception applies, the GDPR applies to all processing of personal data, which is broadly defined to include collection, use, storage, disclosure or any other set of operations performed on personal data. From a territorial perspective, the GDPR applies to organizations that have an establishment in the EU and to non-EU-established entities that offer goods or services to individuals in the EU. Because many businesses with an online presence offer goods and services to EU individuals, the GDPR applies to many businesses outside the EU, including many American businesses. Congressional Research Service https://crsreports.congress.gov LSB10264 CRS Legal Sidebar Prepared for Members and Committees of Congress

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Already a HeinOnline Subscriber?

Log In

profiles profiles most