Last September, Brave Browser filed a GDPR complaint against Google in Britain and Ireland, alleging that the search giant’s use of “real-time bidding” to allow companies to purchase personalized ads exposes more user data than is allowed under the regulations, such as ethnicity, sexuality, and political views.
According to CNIL, Google’s violations center around the ambiguity of information presented to users about their data collection and usage, as well as failure to include information about the data retention period for some information. In addition, the agency found that Google’s user consent policy for data use is invalid because it is neither specific nor unambiguous, with information diluted across several documents, which makes it difficult for users to gain a clear picture of exactly what data is collected and how it is used.
The French watchdog also noted that Google continues to engage in several of these illegal practices, meaning that they are part of a pattern of systemic GDPR violation rather than one-off offenses.
Google, on its part, has not indicated what its response to the fine will be. In a statement quoted by the Washington Post the company said:
People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR.
Featured Image from Shutterstock