The European Union's General Data Protection Regulation (GDPR), which came into effect in May, gives individuals the right to transfer their data from one country to another.
A complaint was made to the authority by the operator of Weople.
The Weople app encourages web users to link third party accounts to port their personal data into a "digital vault" where the free service claims their data will be "masked and anonymized."
In exchange for authorizing use of their "masked" data for marketing purposes, weople users are able to generate virtual currency or other rewards.
The company's website doesn't clearly explain what it's doing to "valorize" user data, but it does say that it gathers "anonymized" user data into blocks to trade with marketers.
Concerns have been raised over Weople's approach of using data portability rights to grease commercial data use.
The app was investigated by Italy's data protection watchdog and referred to the European Data Protection Board for an opinion on its approach to utilizing theGDPR's data subject-focused Portability powers for a service that seeks to monetize people's data.
The privacy regulator suggested at the time that entities that receive requests for data transfer from Weople should consider the accountability principle when making their decisions.
In a few years, Italy's competition authority has concerns about whether or not Google's conduct may be affecting competition.
Digital businesses often generate cross-cutting concerns which can demand that different regulators, such as privacy and competition authorities, work together to resolve complaints and impacts. At the time of writing, the privacy regulator had not responded to our questions and the competition watchdog had not commented.
The authority believes that the right to portable personal data, established by the EU's General Data Protection Regulation, could be affected by the conduct of the internet giant. The competition authority said in a press release that the alleged abuse could restrict competition because it limits the ability of other operators to develop innovative data-based services.
The negative effects of Google's conduct on its initiative to enhance personal data with the consent of the data owner was represented to the authority by Hoda.
In further remarks, the AGCM suggested data portability provides an avenue for alternative operators to exert competitive pressure on tech giants, which it describes as having established their dominance on the creation of ecosystems based on the management of virtually unlimited amounts of data
The ACGM made reference to how much money Alphabet makes as a result of its ability to extract large amounts of data through services like Gmail, and how much it will make in the years to come.
Reached for comment on the authority's investigation, Google avoided any reference to the complaint and instead sent us this statement:
“Google has offered people the ability to take out and transfer their data for over a decade and in 2021, more than 400 billion files were exported. These tools are there to help people manage their personal information. There are also ways that any company can encourage direct data portability into their services — for example, via the open-source Data Transfer Project, which any company is welcome to participate in.”
The ACGM fined the tech giant $120 million last year for antitrust violations related to restrictions applied to a local electric car charging app.
In 2020 the national competition watchdog began an antitrust investigation into the ad display business of Google in Italy.
As part of a major policy plan to encourage the use of personal data spaces, the European Union has put a lot of store on trying to fire up a cottage industry of Trusted Data Intermediaries.
It is not clear if a platform such as Weople's, which is a commercial play to generate revenue by encouraging individuals to share and pool data, would be a model example of a trusted, neutral intermediary. It may be more data-sharing participant than neutral player if it would fall outside of that definition.
The Data Governance Act will inevitably pile more work on already under-resourced national regulators and legal systems who will be tasked with ultimate responsibility for ensuring all the extra.
Google hit with $123M antitrust fine in Italy over Android Auto