wordpress blog stats
Connect with us

Hi, what are you looking for?

French data regulator slaps Google with a €50M GDPR fine over lack of transparency and consent

France’s data regulator CNIL has slapped a fine of 50 million euros on Google, claiming that the company was in breach of the EU’s data protection rule GDPR. CNIL said that it imposed the fine for “lack of transparency, inadequate information and lack of valid consent regarding ads personalization” and because “users’ consent is not sufficiently obtained.”

Its worth noting that this is the first major penalty against a US company for violating GDPR rules. Google said that it is studying the decision to determine its next steps, per Washington Post.

The penalty is the result of an investigation into two complaints filed by two privacy advocacy groups – None of Your Business (NOYB) and La Quadrature du Net (LQDN). The complaints were filed in May 2018, immediately after the GDPR came into effect. The groups claimed that Google did not have any legal basis to process user data for serving personalized ads, as mandated by the GDPR.

  • Lack of transparency

CNIL found that Google made it difficult for users to access information about data processing and data storage periods, and about how this data was used for ad personalization. “The relevant information is accessible after several steps only, implying sometimes up to 5 or 6 actions,” CNIL noted.

“Users are not able to fully understand the extent of the processing operations carried out by Google…the purposes of processing are described in a too generic and vague manner, and so are the categories of data processed for these various purposes.”

CNIL further noted that Google has not informed users clearly enough for them to understand that data processing [is meant to be] carried out on the basis on user consent, and not the company’s interest.

Advertisement. Scroll to continue reading.
  • Not sufficient or valid consent

The regulator added that Google has failed to obtain valid legal consent from users’ for processing data. “The information on processing operations for the ads personalization is diluted in several documents and does not enable the user to be aware of their extent,” notes CNIL.

It said that the option to personalize ads is pre-ticked, which violates the GDPR requirement that consent be “unambiguous”, obtained with a “clear affirmative action” from the user, for instance by “ticking a non-pre-ticked box.” The GDPR provides that the consent is specific only when it is given distinctly for each purpose.

Amazon, Apple, Google, Netflix and Spotify face complaints in Austria 

Its worth noting that Amazon, Apple, Google, Netflix and Spotify are facing complaints with Austria’s data regulator for violating a GDPR requirement which mandates that companies let users download copies of their personal data collection by tech companies. GDPR also requires that the information be both machine-readable and easily understood by customers.

The complaint was filed by NYOB, which was also one of the complainants in the Google case. For context, the maximum penalty for GDPR breach is 20 million euros or 4% of a company’s global turnover.

Read more:

Advertisement. Scroll to continue reading.
Written By

I cover health, policy issues such as intermediary liability, data governance, internet shutdowns, and more. Hit me up for tips.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.


When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ