Google is under investigation in Sweden over alleged breaches of the GDPR, just days after it was issued with a major €50m fine in France.
Swedish regulator Datainspektionen revealed earlier this week that it launched the investigation into collection of Android users’ location data, after receiving a complaint from the Sveriges Konsumenter (Swedish Consumer Association) linked to allegations in an earlier report by Forbrukerrådet (the Norwegian Consumer Council).
“In summary, the complainant holds that the way Google provides itself access to the location data of users of its mobile operative system Android by ways of its so called ‘Location History’ and ‘Web & App Activity’ is in breach of the GDPR,” the authority said.
“According to the complainant, the report by Forbrukerrådet states that Google use deceptive design, misleading information and repeated pushing to manipulate users into allowing constant tracking of their movements. In essence, the complainant holds that the processing of location data in this way is unlawful and that Google is in violation of Articles 5, 6, 7, 12, 13 and 25 of the GDPR.”
A supervisory letter sent to the web giant requests more information and answers to a series of questions by February 1.
Specifically, it wants to know the total number of Swedes who have had location data slurped through the services and how many data points are gathered on average per individual, broken down for every hour of the day.
It asks for privacy policies, data impact assessments and records of processing activities, and wants to know the legal basis for processing, why data is being collected, and when and how consumers are notified, among other details.
The investigation highlights the continued scrutiny of firms under the GDPR. Although we have yet to hear about a major investigation undertaken due to concerns over data security, one is surely not far away as the regulators begin to flex their muscles.