Is Google at Odds with the GDPR? Evaluation of Google's Personal Data Collection on Mobile Operating Systems in Light of the Principles of Purpose Limitation, Data Minimisation, and Accountability
Is Google at Odds with the GDPR? Evaluation of Google's Personal Data Collection on Mobile Operating Systems in Light of the Principles of Purpose Limitation, Data Minimisation, and Accountability
Ayça ATABEY
The mobile technologies are rapidly advancing; smartphones are becoming increasingly ubiquitous in our lives while Google hoovers up personal data any possible way benefiting from the omnipresence of smartphone platforms. The GDPR with its bedrock principles set out in Article 5 has become a soaring topic globally, creating awareness, and enhancing the status of data protection as a fundamental right. However, the legal implications of Google's data collection through manifold ways create confusion regarding the scope and legality of such data collection. Also, the lack of guidance on the principles' practical implementation creates ambiguity for different stakeholders involved in the various components of the smartphone ecosystem. A clarification is necessary in order to provide the desired protections for the purposes of the general data protection regime, which is possible by providing a better understanding of both technical and legal aspects of personal data collection. This research delves into the personal data collection methods used by Google on two different mobile platforms: Android and iOS, and zooms into the inner workings of the mobile ecosystem to simplify the myriad of technological details by combining first-hand experience and valuing the latest technical research reports in order to evaluate personal data collection carried out by Google on mobile operating systems with a thorough discussion focusing on Google's responsibilities and compliance with the GDPR, more specifically, with the principles of purpose limitation, data minimisation, and accountability, which is then followed by a comprehensive analysis of Google's Privacy Policy and data subjects' rights.(ARKA KAPAKTAN)
TABLE OF CONTENTS
INTRODUCTION
CHAPTER ONE
1. Personal Data Collected By Google
1.1. UNDERSTANDING PERSONAL DATA
1.2. DEFINITION
1.3. RELEVANCE IN THE MOBILE ECOSYSTEM
1.4. PROCESSING
1.5. GOOGLE'S TENTACLES
1.6. PERSONAL DATA COLLECTED BY APPS
CHAPTER TWO
2. Personal Data Collection Methods Used By Google
2.1. GOOGLE AND THE DUOPOLY IN THE SMARTPHONE MARKET
2.2. ACTIVE AND PASSIVE DATA COLLECTION ON MOBILE PHONES
2.3. PUBLISHER AND ADVERTISING TECHNOLOGIES
2.4. GOOGLE'S APPLICATIONS AIMED AT DATA SUBJECTS
2.5. CONCLUSION
CHAPTER THREE
3. Purposes of Personal Data Collection
3.1. PROFILING
3.2. ONLINE TARGETED ADVERTISEMENT
3.3. VALUE OF PERSONAL DATA
3.4. NON-COMMERCIAL USE
3.5. CONCLUSION
CHAPTER FOUR
4. Purpose Limitation
4.1. DEFINITION
4.2. WHY IS PURPOSE LIMITATION IMPORTANT?
4.3. YOUTUBE EXAMPLE
4.4. CHALLENGES
4.5. CONCLUSION
CHAPTER FIVE
5. Data Minimisation
5.1. DEFINITION
5.2. WHY DOES THE DATA MINIMISATION PRINCIPLE MATTER?
5.3. THE SMARTPHONE ECOSYSTEM
5.4. CONCLUSION
CHAPTER SIX
6. Accountability
6.1. DEFINITION
6.2. WHY IS ACCOUNTABILITY IMPORTANT?
6.3. TECHNICAL AND ORGANISATIONAL MEASURES
6.4. CHALLENGES
6.5. TRANSPARENCY
6.6. PRIVACY RISK MANAGEMENT
6.7. CONCLUSION
CHAPTER SEVEN
7. Google's Privacy Policy vs Data Subjects' Rights
7.1. LEGAL FRAMEWORK AND DATA SUBJECTS' RIGHTS
7.2. WHAT ARE DATA SUBJECTS' RIGHTS?
7.3. GOOGLE'S NEW PRIVACY POLICY
7.4. TRANSPARENCY
7.5. BALANCING TEST
7.6. SAFEGUARDS
CHAPTER EIGHT
8. The Way Forward
CONCLUSION
BIBLIOGRAPHY