Home / Archive / Google Slapped with $57 Million Fine in Landmark GDPR Case

Google Slapped with $57 Million Fine in Landmark GDPR Case

Last Updated September 28, 2020 4:54 AM
David Hundeyin
Last Updated September 28, 2020 4:54 AM

By CCN.com: French regulators have slapped Google with a landmark $57 million fine for committing GDPR infractions, making it the first major U.S. tech company to face punitive action under Europe’s new digital privacy regime.

France Fines Google $57 Million for GDPR Infractions

The French Commission Nationale de l’Informatique et des Libertés (CNIL) imposed the fine of 50 million euros (roughly $57 million) on Google following the results of an inquiry into GDPR compliance complaints put forward by French privacy rights organisations None Of Your Business and La Quadrature du Net.

According to CNIL, Google failed to satisfactorily inform users about how their data is collected and used in serving advertisements and marketing messages. The agency also stated that Google failed to properly obtain user consent for the purpose of using their data to serve them personalised ads.

Confirming the fine, an official statement  released on CNIL’s website said:

On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding ads personalization.

With the fine, Google becomes the first major U.S. tech company to be punished for falling afoul of GDPR regulations since the EU brought the privacy-focused rules into effect in 2018.

Google’s Persistent GDPR Troubles

Last September, Brave Browser filed a GDPR complaint against Google in Britain and Ireland, alleging that the search giant’s use of “real-time bidding” to allow companies to purchase personalized ads exposes more user data than is allowed under the regulations, such as ethnicity, sexuality, and political views.

According to CNIL, Google’s violations center around the ambiguity of information presented to users about their data collection and usage, as well as failure to include information about the data retention period for some information. In addition, the agency found that Google’s user consent policy for data use is invalid because it is neither specific nor unambiguous, with information diluted across several documents, which makes it difficult for users to gain a clear picture of exactly what data is collected and how it is used.

The French watchdog also noted that Google continues to engage in several of these illegal practices, meaning that they are part of a pattern of systemic GDPR violation rather than one-off offenses.

Google, on its part, has not indicated what its response to the fine will be. In a statement quoted by the Washington Post  the company said:

People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR.

Featured Image from Shutterstock