Four media industry trade associations want Google to adjust its position when it comes to privacy and data protection. The controversy is centered on the European Union General Data Protection Regulation (GDPR), which the EU will begin enforcing May 25.
The letter, sent to Google CEO Sundar Pichai on April 30 from four trade associations — Digital Content Next, European Publishers Council, News Media Alliance, and News Media Association — outlines their concerns.
The letter was obtained by The Register.
The group appears to have several concerns based on legal analysis (PDF) commissioned by DCN in April. Those include “Google's wish to be a controller rather than a processor; its requirement that publishers obtain consent for processing on its behalf; and that the move puts the liability for non-compliance onto publishers,” writes The Register.
Google acting as a controller enables the company to make decisions on how it received data from publishers and how the collected data on publishers' pages gets used.
At the Search Insider Summit last week in Captiva Island, Florida, Gary Kibel, partner at Davis & Gilbert LLP, explained that companies dubbed as “processors” are those responsible for processing the data on behalf of a data controller. A controller owns the data and determines the purposes and the way the personal data is processed.
There is a clear distinction between processing the data and controlling the data. The publishers argue, in most cases, that it is more “logical” for Google to be a processor then a controller. And in this case, the organizations say Google is “passing the buck.”
The letter also states that Google’s framework for its ad policies revealed in March seem to be more concerned with protecting its existing business model “in a manner that would undermine the fundamental purposes of the GDPR and the efforts of publishers to comply with the letter and spirit of the law.”
Too much control, on Google’s part, seems to be the final point the organizations attempt to make: the fact that Google is trying to push the liability for gaining consent onto publishers.
There are millions of dollars at stake if a company fails to comply with the GDPR rules, according to Kibel. [The EU] has the ability to impose fines of 4% of annual revenue worldwide or up to 20 million Euros,” he said.