In what is today the biggest fine under the GDPR, the French Data Protection Authority CNIL investigated Google Android transparency in Data procession. The investigation was consecutive to two class actions filed on the 25th of May 2018. One by the Austrian NGO Non Of Your Business (NOYB), another by the French La Quadrature du Net (LQDN). This decision worth a close look.
The CNIL investigated mobile applications using embedded software development kit (SDK) and ad biding gathering personal data even when the application is not in use. The data collection is activated by default, which is contrary to the principal of privacy by design.