Last year, we outlined Google’s commitment to comply with Europe’s new General Data Protection Regulation (GDPR), across all of the services we provide in the European Union. We’ve been working on our compliance efforts for over eighteen months, and ahead of the new law coming into effect, here’s an update on some of the key steps we’ve taken.
A few insights into how Google will handle the data of EU citizens.
I received an email from Google a few days go about the consequences of GDPR on the Google Cloud Platform and what I should do (I am a customer of GCP).
The mail was absurd. It was written in the wrong language (shame on you Google). It was “legal” language, incomprehensible for a normal living being, unless you are suffering from some weird brain disease. And worst of all, the instructions you had to follow did not work.
It opened the following URL https://login.corp.google.com. At first I thought this was a kind a fishing attack. But my browser considered the https://login.corp.google.com as legitimate with a valid certificate.
It turned out after a few retries that the latter point did not work because my browser that opened the URL was not Google Chrome (shame on you again Google). And of course this was nowhere mentioned
A horrible customer experience
Edited 2018-05-11 13:38 UTC
That is the GDPR for you. There is nothing simple about it, it is a huge complex beast. What many have taken a long time understanding is that it is not a technical thing. Sure there are technical things that can be implemented to help you stay compliant, but it is really a data handling thing, no matter if your data happens to be in a computer system or written on a piece of paper.
It sounds great when you hear the intent, but it is impossible to understand and implement correctly, and there are so many things in it that are open to interpretation, so the exact meaning is unknown until tested in the court system.
Lets just hope this benefits the people more than the cookie laws, although i will not be betting my savings on it.
Indeed, it’s not as simple as the headlines imply and few small businesses can survive a mistake. Still not even super sure how to prove that you do not have any personal information (if thats the case). Without handing over everything. But, if that’s required, then the whole thing is effectively promoted to a universal software police. Prove that you did not eat a burger last month
Wrong. Anyone implementing the GDPR can and should explain how they do it WITHOUT regurgitating the GDPR itself (which is very hard to get through). Ideally, they should use simple and easy to understand language.
Having said that, I think Google managed it pretty well. I have also gotten this message and had a go at the revised policy.
I don’t see what the original poster thought was very “legal” about the language in the revised policy. It was broken down into clear sections, each written in a few paragraphs, often with bullet points enumerating what it was about and almost always with examples.
Could they “dumb it down” even further? Perhaps, but I do not agree with the OP that it was too hard to understand (I am too a non-native english speaker). But I do not agree with you either, that something explaining how they implement the GDPR must be hard to read legal language.
Edited 2018-05-12 08:49 UTC
So, Chrome is now officially the new IE6? :/
Shame they’ve done nothing about YouTube embeds. For my site, I’ve had to do two things:
1) Use the Enhanced Privacy Mode, which is pretty rubbish. As soon as you hit play, it loads everything anyway.
2) Not even show a video until people have manually consented to YouTube cookies.
This is going to affect a lot of sites that embed a YouTube video. It’s going to be interesting to see how other sites handle it. As the YouTube embed gives no warning, no notification absolutely nothing about pushing cookies and such on you.
Yeah, from an outsider’s standpoint the effect of your “cookie law” seems to be that we get to be told to either agree to have cookies or fsck off. It’s not exactly the height of protection, especially if I need to visit a site for professional reasons. Being told you’re screwed is still being screwed.