Google Slapped with $57 Million Fine in Landmark GDPR Case

By French regulators have slapped Google with a landmark $57 million fine for committing GDPR infractions, making it the first major U.S. tech company to face punitive action under Europe’s new digital privacy regime.

France Fines Google $57 Million for GDPR Infractions

The French Commission Nationale de l’Informatique et des Libertés (CNIL) imposed the fine of 50 million euros (roughly $57 million) on Google following the results of an inquiry into GDPR compliance complaints put forward by French privacy rights organisations None Of Your Business and La Quadrature du Net.

According to CNIL, Google failed to satisfactorily inform users about how their data is collected and used in serving advertisements and marketing messages. The agency also stated that Google failed to properly obtain user consent for the purpose of using their data to serve them personalised ads.

Confirming the fine, an official statement released on CNIL’s website said:

On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding ads personalization.

With the fine, Google becomes the first major U.S. tech company to be punished for falling afoul of GDPR regulations since the EU brought the privacy-focused rules into effect in 2018.

Google’s Persistent GDPR Troubles

Last September, Brave Browser filed a GDPR complaint against Google in Britain and Ireland, alleging that the search giant’s use of “real-time bidding” to allow companies to purchase personalized ads exposes more user data than is allowed under the regulations, such as ethnicity, sexuality, and political views.

According to CNIL, Google’s violations center around the ambiguity of information presented to users about their data collection and usage, as well as failure to include information about the data retention period for some information. In addition, the agency found that Google’s user consent policy for data use is invalid because it is neither specific nor unambiguous, with information diluted across several documents, which makes it difficult for users to gain a clear picture of exactly what data is collected and how it is used.

The French watchdog also noted that Google continues to engage in several of these illegal practices, meaning that they are part of a pattern of systemic GDPR violation rather than one-off offenses.

Google, on its part, has not indicated what its response to the fine will be. In a statement quoted by the Washington Post the company said:

People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR.

Featured Image from Shutterstock

Last modified: September 28, 2020 4:54 AM

David Hundeyin

I am a busy Nigerian writer, journalist and writer with an interest in tech and finance. When I'm not contributing to CCN and traveling around Africa, you can catch me contributing to CNN Africa, or in the writers room at 'The Other News', Nigeria's weekly answer to 'The Daily Show' with nearly 2 million viewers. My work on 'The Other News' was featured in the New Yorker Magazine, and that was then cited in the Washington Post so I'm not sure that counts as a feature but I'll definitely mention it too! I have been nominated by the US State Department to take part in the 2019 Edward R. Murrow Program for journalists under the International Visitors Leadership Program. I also like hamsters. You can reach me on Twitter at _David_Hundeyin