Irish data regulator investigating Google and Tinder for data processing violations

Both companies face an "own-volition statutory inquiry" after complaints made to the regulators

The Irish Data Protection Commission (DPC) is investigating complaints made about Google and Match Group for alleged GDPR violations.

The DPC said it had received a number of complaints from across the EU, in which concerns were raised with regard to Google's processing of location data.

For Match Group, also known as MTCH Technology Services, the commission said it had been monitoring complaints regarding possible "systemic" data protection issues on its Tinder platform. These issues pertain to the ongoing processing of users personal data and the transparency surrounding it.

"The DPC has commenced an own-volition Statutory Inquiry, with respect to MTCH Technology Services Limited, pursuant to section 110 of the Irish Data Protection 2018 law and in accordance with the cooperation mechanism outlined under Article 60 of the GDPR," the regulator said. 

"The Inquiry of the DPC will set out to establish whether the company has a legal basis for the ongoing processing of its users' personal data and whether it meets its obligations as a data controller with regard to transparency and its compliance with data subject right's (sic) requests."

Related Resource

Building a modern information governance strategy

How to rethink your approach to develop a more modern information governance strategy

Download now

IT Pro has approached Match Group for comment. 

Google will also face an "own-volition statutory inquiry" that will set out to establish whether the tech giant has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency. These will also fall under section 110 of Ireland's 2018 data protection law and in accordance with the cooperation mechanism outlined under Article 60 of the GDPR. 

"We will cooperate fully with the office of the Data Protection Commission in its inquiry, and continue to work closely with regulators and consumer associations across Europe," a Google spokesperson told IT Pro. "In the last year, we have made a number of product changes to improve the level of user transparency and control over location data."

What is interesting this time is that the DPC's statement refers expressly to Article 60, according to GDPR specialist lawyer Frank Jennings. This, he told IT Pro, indicates that it wants to take the lead over the investigation, expecting the other EU authorities to fall in line and cooperate. 

"For now, while the UK remains part of the EU, the UK Information Commissioner will cooperate too but, with a no-deal Brexit a possibility at the end of the year, the UK will become a 'third country' and will fall outside data fortress Europe and the cooperation regime."

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021