Changes To Googles Privacy Policy This Affects Me
Management Summary
The most important change is that Google services that affect consumers within the scope of the European General Data Protection Regulation and Switzerland will be moved from Google LLC in the USA to Google Ireland Limited in Dublin and Google will also explicitly cite Irish law in the declaration of the change (this will be discussed further below, more precisely with the age of consent). This means that customers and consumers have a mandatory contact person within the EU, as is also the case in the GDPR, which came into force on May 25, 2018.
A text comparison results in a total of seven changes, which we have put together for you here, including an initial interpretation. Unfortunately, Google itself does not provide any information as to which passages have been changed. On the left side you will find the previous data protection declaration (valid until January 22nd, 2019) and on the right side you will find the upcoming version (valid from January 22nd, 2019).
1. Data collected
Text change with a marketing background: “Create your own map” was used to make the location history more friendly.
PS: If you want to know more about GDPR-compliant storage of Google Analytics raw data within the EU, readhereafter.
2. Sharing of data
Here the example has been modified to demonstrate what data is shared by Google.
3. Contact person in the EU for users
This is the relevant part: those affected in the EEA and Switzerland now have a contact person in the EU. The address is not mentioned here, but it will most likely be the headquarters of Google Ireland Limited: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, Telephone: +353 1 436 1000.
4. Disclosure to Authorities
This clarification is sensible and useful, as it is included in most data protection declarations. We have all the FAQs about the GDPRhereanswered.
5. Minimum age of consent
That in turn is exciting. The GDPR sets the minimum age at which valid consent can be given to an information society service at 16 years. However, this is a so-called opening clause, i.e. a different age can be used nationally, but not under 13 years. In Ireland it is 13 years, in Austria 14 and in Germany, for example, 16.
That doesn’t necessarily make it any easier for companies that want to work with this target group. Some therefore generally take 16 years, Google is taking its own approach here by referring to the Irish implementation of the GDPR and, in line with the one-stop-shop principle, also using Ireland as a location for possible conflicts.
Here is a comparison of the headquarters of the Austrian data protection authority and that of Ireland (without further comment).
6. Other resources
Here the text has been made clearer and more readable, no changes relevant to the content. The principles have been deleted (in the link text).
7. Note on data usage
Here the two points have been combined into one, which also seems logical.
Sources:
You can read the previous data protection declaration (always listed on the left), valid until January 22, 2019, here:
https://policies.google.com/privacy
The upcoming version (always listed on the right), valid from January 22, 2019, can be found here:
https://policies.google.com/privacy/update
The text comparison was done using60toolscreated.
