Complaints.
The Data Protection Commission has announced it is opening statutory inquiries into the activities of both Google and Tinder for possible failures to adhere to data protection laws.
Complaints have been received by the Commission in respect of both companies from other European states.
Consumer Organisations across the EU have complained to the Commission in relation to Google’s processing of location data. The issues raised relate to the legality of Google’s processing of location data and the transparency surrounding that processing.
The Commission has reported in a press release that a number of concerns have been identified in respect of the Tinder platform, raised by individuals both in Ireland and across the EU. The issues relate to MTCH Technology Services Limited’s ongoing processing of users’ personal data on the Tinder platform, the transparency surrounding the ongoing processing, and the company’s compliance with its obligations with regard to data subject right’s requests.
One-stop shop
The GDPR introduced what is referred to as a ‘one-stop shop’ mechanism. Under article 56, a data controller or processor engaged in cross-border activity within the EU will engage with the supervisory authority in the member state where its main establishment is located, and not necessarily where the data breach occurs. For a company engaged in inter-EU trade, the relevant enforcement body will usually, therefore, be located where its EU headquarters is located.
Because most multi-national technology companies are located in Ireland, it is very likely that these types of investigations will become all the more common for Ireland’s Data Protection Commission.
In respect of the Tinder platform, the investigation will aim to establish whether the company has a legal basis for the ongoing processing of its users’ personal data and whether it meets its obligations as a data controller with regard to transparency and its compliance with data subject right’s requests.
The Google investigation will look at whether Google has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency.