During this request, the IP address of the web visitor is also sent to Google. This was sufficient reason for a German court to order a (small) German website to pay (limited) damages of 100 euros to one of its website's visitors, who complained and found that the website in question had violated the GDPR and had unlawfully shared his personal data (in particular his IP address, therefore) with Google. According to the competent court in Munich, the consent of the interested party was required to share his personal data with Google.
There was no such authorization and the unauthorized disclosure of the plaintiff's IP address by the website to Google therefore rights, according Tunisia Phone Number List to the court. The violation amounts to “ the plaintiff's loss of control over personal data to Google ,” the court said. Because this is a GDPR issue Under the GDPR, IP addresses, advertising IDs and cookies are protected personal data.
These can only be processed if all the conditions set out in the GDPR are met. One of the first and most important conditions is that the data controller always needs an adequate "legal basis" for the processing. The GDPR has six legal bases that can justify the processing of personal data. Consensus is the best known and most obvious. But data controllers can often process personal data without authorization.