Google faces new antitrust investigation in Italy after data porting complaint

- Advertisement -


The Italian competition authority has launched an investigation against Google over suspicions that Google is abusing its dominant position by interfering with the data portability rights granted to individuals under the EU General Data Protection Regulation (GDPR).

- Advertisement -

The procedure follows a complaint lodged with the authorities by the operator of a direct marketing platform called We.

- Advertisement -

The Weople app, operated by Hoda, encourages web users to link third-party accounts (such as Gmail and other Google accounts) to move their personal data to a “digital vault” where the free service claims their data will be stored. be “disguised and anonymous” so that they can be used for personalized offers, i.e. without sharing their actual information with advertisers/third parties, since the application acts as an intermediary.

Weople users appear to be able to generate virtual currency or other rewards (some of which are distributed through prize draws) and potentially earn real money in exchange for being allowed to use their “masked” data for marketing purposes.

- Advertisement -

The app developer also claims to bundle “anonymized” user data into blocks to trade with marketers, presumably for selling market intelligence/trend analysis, though the company’s website doesn’t clearly explain what it does to “value” user data.

Notably, there have previously been concerns about Weople’s approach to using GDPR data portability rights to enable commercial trade in personal data.

Back in 2019the app has been reviewed by the Italian data protection supervisory authority and submitted to the European Data Protection Board (EDPB) for an opinion on its approach to using the GDPR’s data portability powers for a service that seeks to monetize people’s data, like Garante expressed doubts about the implications of using such a commercial purpose as a driver for data portability; and the risk of duplicating migrated datasets (with associated security risks).

At the time, the privacy regulator suggested that organizations receiving data port requests from Weople consider the accountability principle of the GDPR when deciding whether to grant their requests.

Fast-forward a few years, and perhaps unsurprisingly, the Italian antitrust authority’s concern is centered on whether Google’s behavior might hinder competition.

While it’s fair to say that digital business often raises cross-cutting issues that may require different regulators, such as privacy and competition authorities, to work together to resolve complaints and repercussions, rather than risk disjointed and disjointed responses. (We asked Italy’s AGCM and Garante about any joint work here, but at the time of writing, the privacy regulator has not responded to the question, and the competition watcher declined to comment.)

“In the opinion of the Authority, Google’s conduct may limit the right to data portability set out in Article 20 of the GDPR and may limit the economic benefits that consumers can derive from their data. At the same time, the alleged abuse could limit competition by limiting the ability of alternative operators to develop innovative data-driven services,” the antitrust agency said in a statement. Press release today, saying that its staff yesterday conducted an inspection of local Google premises in connection with the investigation.

“In particular, Hoda has informed the FDA of the negative impact of Google’s behavior on its initiative to improve personal data with the consent of the data owner, which offers innovative opportunities for the use of such data,” he added.

In further remarks, the AGCM suggested that data portability provides “alternative operators” with the ability to exert competitive pressure on tech giants like Google, which it says have “established their dominance in building ecosystems based on the management of virtually unlimited resources.” data”, which, as it further implies, exclusively feeds the platform giants’ own business models.

The ACGM PR also mentions how much money Google’s parent company, Alphabet, is making from its ability to extract large amounts of data using services like Gmail, Google Maps and Android ($257.6 billion in revenue in 2021).

After receiving a comment on the authorities’ investigation, Google avoided explicitly mentioning the complaint and instead sought to redirect attention to the long-standing support it said was being given to portability efforts by sending us this statement:

“Google offered people the ability to extract and share their data for over ten years and in 2021, over 400 billion files were exported. These tools are designed to help people manage their personal information. There are also ways any company can encourage direct portability of data into their services, such as through open source. Data transfer projectin which any company can take part.

This isn’t the first time ACGM has targeted Google for competition reasons: Last year The regulator has fined the tech giant $120 million for antitrust violations related to restrictions applied to a local electric vehicle charging app called JuicePass via Android Auto, a modified version of Google’s mobile OS designed for in-car use.

Back in 2020the national competition authority also launched an antitrust investigation into Google’s advertising business in Italy.

Returning to the issue of data portability, in recent years the European Union has focused a lot of attention on trying to ignite a cottage industry of “trusted” intermediaries/data markets (and/or so-called “personal data spaces”) – as part of major policy plan to encourage data sharing and reuse — which, in addition to focusing on encouraging businesses to fuel each other’s ideas with pooled industrial datasets, seeks to oil the sharing of personal data for “altruistic” public good.

It is not entirely clear whether a platform like Weople, which is essentially a commercial game to generate income by encouraging individuals to share and aggregate data (trusting the platform to protect their identities in the process), will represent a model example of a reliable, neutral intermediary. as provided by legislators in the Data Management Act. Or would it be outside the scope of this definition given the direct commercial interest of the operator (and activities around) monetizing the possibility of trading users’ personal data, which means that he is more of a participant in the exchange of data than a neutral player.

Also worth noting main criticism about the Commission’s approach to the flagship law, given that it will – inevitably – place a lot of extra work on the (already) heavily resourced national regulators and legal systems, who will be given the primary responsibility for ensuring all the extra data sharing that centralized EU lawmaking encourages , it does not fatally tip the scales by scaling up the commercial exploitation of these people in a way that systematically undermines the fundamental rights of citizens as the region’s overworked justice institutions are hopelessly overwhelmed.


Credit: techcrunch.com /

- Advertisement -

Stay on top - Get the daily news in your inbox

DMCA / Correction Notice

Recent Articles

Related Stories

Stay on top - Get the daily news in your inbox