Google Charged with £44m Fine for GDPR Violation

Google Charged with £44m Fine for GDPR Violation

French data watchdog CNIL has issued a Google a £44m fine for failing to follow general data protection regulation (GDPR) data protection rules. CNIL said it had levied the record fine for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”. It is the first time that CNIL has appointed such a big levy since the European-wide GDPR regulations came into force last year. It warned that Google’s transgressions are “still observed to date” and are not a one-off infringement. In a statement, Google said it was “studying the decision” to determine its next steps.

According to France’s data protection regulator, the Commission nationale de l’informatique et des libertés (CNIL), Google breached GDPR over transparency and an alleged lack of legal basis for processing data for personalized online ads. The fine comes after the EU-wide GDPR was implemented on 25 May 2018. Almost immediately after the legislation took effect, two French advocacy groups filed complaints outlining a concern that Google’s pop up forms relied upon ‘forced consent’ by implying services would not be available without signing up. The tech giant has therefore been fined for “lack of transparency, inadequate information and lack of valid consent regarding the ads personalization,” the regulator said.

The CNIL, therefore, judged that Google had not validly obtained users’ consent to personalise ads for because people are not sufficiently informed about how the company uses their data, nor is the consent that Google gathers “specific” or “unambiguous”. Phil Lee, partner at European law firm Fieldfisher, suggested that this is the first sign that regulators are willing to use the “whopping” new fining powers they now have under GDPR. “It’s time to get serious about unambiguous consent for targeted ads. Companies should not be asking people to ‘agree’ to their entire privacy notice. It doesn’t work. Consent needs to be specific. “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR,” the spokesperson of Google said.

Be the first to comment

Leave a Reply

Your email address will not be published.