Page 59 - Payout Magazine Online Volume 8.4
P. 59
features for customizable cookie settings, as the request for consent must be given in an
privacy controls, data sharing settings, intelligible and easily accessible form, with the
data deletion on account termination, and purpose for data processing attached to that
IP anonymization may prove useful as you consent,” according to EUGDPR.org, a portal
evaluate the impact of the GDPR for your set up to provide the public with information
company’s unique situation and Analytics about the “main elements” of the GDPR.
implementation.” “Consent must be clear and distinguishable
from other matters and provided in an
The email also noted that Google “has intelligible and easily accessible form, using
been rolling out updates” to the contractual clear and plain language. It must be as easy to
terms for a variety of its products since last withdraw consent as it is to give it.”
august, “reflecting Google’s status as either
data processor or data controller under the As referenced in the Google’s notice
new law.” concerning the changes to Google Analytics,
the GDPR applies to companies which collect
Under the GDPR, a data controller is or process data on users residing in the EU,
“the entity that determines the purposes, regardless of the company’s location.
conditions and means of the processing of
personal data,” while a data processor is “Previously, territorial applicability of the
“an entity which processes personal data on directive was ambiguous and referred to data
behalf of the controller.” process ‘in context of an establishment,’”
notes EUGDPR.org. “This topic has arisen in
In the notice, Google states that with a number of high profile court cases. GPDr
respect to both Google Analytics and makes its applicability very clear – it will
Analytics 360, “Google operates as a apply to the processing of personal data
processor of personal data that is handled in by controllers and processors in the EU,
the service.” regardless of whether the processing takes
place in the EU.”
The updated “GDPR terms” will supplement
the current contract between Google and the GDPr provides for significant
Google analytics administrators, effective on penalties for companies which violate the law,
May 25, the same day the GDPR comes into with fines which range “up to 4% of annual
force. global turnover… or €20 Million,” which is “the
maximum fine that can be imposed for the
The notice also announced an updated most serious infringements e.g. not having
“EU user consent policy” crafted to comply sufficient customer consent to process data
with the terms of the GDPR. or violating the core of Privacy by Design
concepts.”
“Per our advertising features policy,
both Google Analytics and Analytics 360
customers using advertising features must Gene Zorkin has been covering legal and
comply with Google’s EU User Consent political issues for various adult publications
Policy,” the notice stated. “Google’s EU User (and under a variety of different pen names)
consent Policy is being updated to reflect new since 2002.
legal requirements of the GDPR. It sets out
your responsibilities for making disclosures
to, and obtaining consent from, end users of
your sites and apps in the EEA.”
Under the GDPR, the “conditions for
consent have been strengthened, and
companies will no longer be able to use long
illegible terms and conditions full of legalese,
Reprinted courtesy of YNot
PayOutMagazine 59
