French data regulator slaps Google with $56.8 million GDPR fine

French data regulator slaps Google with $56.8 million GDPR fine

Tuesday January 22, 2019,

2 min Read

France's CNIL says Google did not fully disclose to users how their personal information was collected and what was done with it.

Image: Shutterstock

French regulator CNIL has fined Google 50 million euros ($56.8 million) for violating Europe’s tough new data-privacy rules, according to a report in the Wall Street Journal.  This is the first major penalty – and the biggest fine under the law - against a US tech giant since the regulation came into effect last year.

The General Data Protection Regulation requires companies to abide by strict data-protection and privacy rules in the EU. Companies must explain to users how their data is being collected and used, and have to seek consent for the same.

The CNIL said Google violated rules by not making data collection transparent, and not informing users properly. It said the company did not explicitly address data-processing purposes and data-storage time periods, alleging that it made it difficult for customers to understand these things. The fact that the consent boxes were already marked as checked was a violation of the law, the regulator said.

A Google spokesman told WSJ: “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.”

Now that Google has been slapped with such a hefty fine, other corporations have their – and their lawyers’ - work cut out to ensure that their policies do not risk fines.

Under the GDPR, EU regulators can fine companies up to four percent of their world-wide annual revenue, or 20 million euros, whichever is larger.

Lawyers are working overtime on the legal consent part of data, and there is confusion over why users want services and data to be anonymous because the “internet is driven by data-led services”.

“People want data protection, which companies can offer. But when they don't want their data used, they blame us for not giving them personalisation,” says a startup founder in the B2C industry, complaining that the laws were not understood by users themselves.