Google Fined $57 Million Over GDPR Violations

Privacy regulators in France have fined Google around $57 million for failing to comply with Europe's sweeping privacy rules.

In a ruling issued Monday, the French National Data Protection Commission (CNIL) said Google failed to obtain people's unambiguous consent before using their data in order to personalize ads. 

"The infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations," the CNIL wrote.

The GDPR, which went into effect May 25 of last year, requires companies to obtain people's consent before using their data for ad targeting.

The CNIL said Google's interface included a pre-checked a box that allowed the company to use data for ad targeting. But the use of a pre-checked box was problematic, because it rendered people's consent ambiguous, according to regulators.

“Consent is 'unambiguous' only with a clear affirmative action from the user (by ticking a non-pre-ticked box for instance),” the CNIL stated.

The regulators also faulted Google for failing to adequately explain how it uses data collected across various services for ad targeting.

“The information on processing operations for the ads personalization is diluted in several documents and does not enable the user to be aware of their extent,” the CNIL wrote. “For example, in the section 'Ads Personalization,' it is not possible to be aware of the plurality of services, websites and applications involved in these processing operations (Google search, You tube, Google home, Google maps, PlayStore, Google pictures…) and therefore of the amount of data processed and combined.”

The ruling grew out of complaints filed in May by the groups None Of Your Business, helmed by privacy advocate Max Schrems, and La Quadrature du Net. 

Schrems cheered news of the CNIL's decision. "We are very pleased that for the first time a European data protection authority is using the possibilities of GDPR to punish clear violations of the law," he stated Monday. "Following the introduction of GDPR, we have found that large corporations such as Google simply ‘interpret the law differently’ and have often only superficially adapted their products."

None of Your Business has also filed complaints against Facebook and two companies it owns -- Instagram and WhatsApp.

2 comments about "Google Fined $57 Million Over GDPR Violations".
Check to receive email when comments are posted.
  1. David Freid from Verti Group International, January 22, 2019 at 11:24 a.m.

    Knew this was coming... 

  2. John Eric from TreasureBox, January 22, 2019 at 12:31 p.m.

    The amount decided, and the publicity of the fine, are justified by the severity of the infringements for more:

Next story loading loading..