Google and Tinder have come under scrutiny in Europe for their privacy practices. The Irish Data Protection Commission has launched two separate probes into whether the companies are in breach of the EU's General Data Protection Regulation (GDPR), the commission said on its website Tuesday.
The investigation into Google will look specifically at the company's handling of location data based on complaints from consumer organizations from across the European Union, said Ireland's DPC. "The issues raised within the concerns relate to the legality of Google's processing of location data and the transparency surrounding that processing," the commission said in a blog post.
The DPC added that it had received complaints from individuals within Ireland and across the EU relating to Tinder. Issues raised in the complaints included "ongoing processing of users' personal data," transparency surrounding that processing, and Tinder's compliance with rules around data requests by users, the DPC said.
Under the GDPR,and comprised a complete overhaul of the EU's privacy laws, citizens have the right to expect that their data will be securely stored and processed. They're also allowed to request that companies delete their data or provide them with a copy of that data. If complaints are upheld, companies in breach of the GDPR can be fined 20 million euros ($22.4 million) or 4% of their total annual worldwide revenue in the preceding financial year, whichever is higher.
"People should be able to understand and control how companies like Google use location data to provide services to them," said a Google spokesman in a statement. "We will cooperate fully with the office of the Data Protection Commission in its inquiry, and continue to work closely with regulators and consumer associations across Europe."
The Google spokesman added that in the last year, the company has made a number of product changes to improve the level of user transparency and control over location data.
A spokesman for the Match Group, which owns Tinder, said that "transparency and protecting our users' personal data is of utmost importance to us. We are fully cooperating with the Data Protection Commission, and will continue to abide by GDPR and all applicable laws."
The DPC will now set out to establish whether the companies have a legal basis for the way in which they handle data, as well as whether they meet the expected standard of transparency and are properly complying with user requests. Ireland, where many US tech giants have their headquarters, is the lead regulator for GDPR complaints.