Google charged of breaking European privacy laws by keeping private details about potential job applicants

Mohamed Maslouh discovered that Google’s gHire database held personal information of thousands of people in the EU and UK, leading to his protected whistleblower complaints.

Google, magnifying glass

A London-based contractor named Mohamed Maslouh was tasked with entering information into Google’s internal hiring platform gHire, when he discovered that the database held the personal information of thousands of people in the EU and UK, including staff members of agencies like Interpol, the CIA, the UK Home Office, the European Parliament, and the US Securities and Exchange Commission. The UK’s Information Commissioner’s Office (ICO) and Ireland’s Data Protection Commission (DPC), which have jurisdiction over Google’s activities in the EU, have received his protected whistle-blower complaints. Businesses in the EU and UK can hold information relating to any living, identifiable person for only a short time. Now that the GDPR may have been violated, Google may be under investigation.

In compliance with GDPR rules, Google has built a worldwide automatic deletion mechanism to ‘protect the privacy’ of job applicants and hire candidates. Given that the GDPR took effect in May 2018 and Google launched the tool in 2021, data protection attorney Michael Kiesler of Germany claims that the timetable suggests four years of non-compliance, leading to paying the penalty. He argues that the GDPR is not being adequately enforced by the government, which encourages businesses to take chances because there is little chance that things will go wrong.

Maslouh claims that Randstad urged him to submit a confidential whistle-blower complaint about the GDPR issue to Google via Big Tech’s reporting site and that it said that a significant amount of this material had been kept in the system since 2011, if not eliminated.