))
2025-W3 The Austrian DSB Slaps Down Google’s Controllership Denial, CCPA applicable for AI and more
Manage episode 461370361 series 3613966
内容由Eli Atanasov提供。所有播客内容(包括剧集、图形和播客描述)均由 Eli Atanasov 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
The Austrian DSB Slaps Down Google’s Controllership Denial
A data subject submitted a Data Subject Access Request (DSAR) directly to Google LLC, demanding access to their personal data under GDPR.
Google LLC dodged responsibility, passing the request off to Google Ireland Ltd., claiming the latter was the sole controller for EEA and Swiss operations.
This triggered an investigation by the Austrian DSB, who didn’t buy Google LLC’s claim that they were just a bystander.
Evidence uncovered showed Google LLC wasn’t just “helping out” — they were the master mind behind key data processing decisions.
Why Google LLC Can’t Escape Being a Controller?
Let’s be clear — the DSB saw right through Google LLC’s attempt to paint themselves as a processor. Google LLC sets the tone for product development, infrastructure, and the rules of the game for how personal data is handled globally. That’s textbook controllership.
DSARs Are a Controller’s Problem, Period.
Here’s the deal: GDPR Article 4(7) says controllers are responsible for everything—from why data is collected to what’s done with it. And under Articles 12–23, responding to DSARs is non-negotiable. By directing data processing globally, Google LLC effectively made themselves accountable for these requests.
What nailed Google LLC?
They control the playbook for EEA processing.
They design the systems that collect and process personal data.
Their contracts with Google Ireland Ltd. didn’t effectively hand off responsibilities.
In short, the DSB ruled: “You can’t be this involved and not call yourself a controller.”
Signs You’re a Controller (Even If You Deny It):
You decide what data gets collected and why.
You build the systems and infrastructure for processing.
You set the rules — from storage to security to compliance.
You enforce standards across global operations.
You call the shots when it comes to how personal data is used, shared, or accessed.
You can read the full decision in German here.
Read the whole newsletter here: https://conformally.com/featured_item/w03-2025-pn/
Find all resources from this episode at: https://conformally.com/privacy-navigator
Learn more about Conformally at https://conformally.com
7集单集
分享
