Ireland’s DPC (Data Protection Commission) is investigating Internet giant Google and matchmaking app Tinder over the way they process and retain users’ data.
Inquiry into Google
The DPC has commenced an own-volition Statutory Inquiry into Google Ireland Limited following complaints from several EU consumer organisations about its processing of users’ location data and the transparency of the procedure surrounding this.
The complaints pertain to Section 110 of the DPA (Data Protection Act) 2018, which states that the DPC may ascertain whether an infringement has occurred, and Article 60 of the GDPR (General Data Protection Regulation), which requires organisations to cooperate with the relevant supervisory authority.
The DPC said “The Inquiry will set out to establish whether Google has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency.”
Inquiry into Tinder
Since the GDPR came into effect, the DPC has received a number of complaints about MTCH Technology Services Limited, the creator of Tinder, relating to the processing of users’ personal data, the transparency around the process, and the organisation’s compliance with its GDPR obligations in relation to subject access requests.
As with Google, Tinder’s complaints relate to Section 110 of the DPA 2018 and Article 60 of the GDPR.
The DPC said the inquiry “will set out to establish whether the company has a legal basis for the ongoing processing of its users’ personal data and whether it meets its obligations as a data controller with regard to transparency and its compliance with data subject right’s requests”.
Understand what it takes to comply with the GDPR
Ensure you know your data protection and privacy requirements by reading EU General Data Protection Regulation (GDPR) – An Implementation and Compliance Guide.
The third edition of this essential guide explains in simple terms the steps you must follow to meet the GDPR’s requirements. It covers everything you need to know about the Regulation, including:
- Data subjects’ rights;
- How to gain lawful consent;
- Managing consent withdrawal;
- Fulfilling DSARs (data subject access requests);
- How to complete DPIAs (data protection impact assessments); and
- Whether you need to appoint a DPO (data protection officer).
Purchase EU GDPR – An Implementation and Compliance Guide this February to receive the Data Protection and the Cloud – Are you really managing the risks? e-book half price!