France's data regulator CNIL has slapped a fine of 50 million euros on Google, claiming that the company was in breach of the EU's data protection rule GDPR. CNIL said that it imposed the fine for "lack of transparency, inadequate information and lack of valid consent regarding ads personalization" and because "users' consent is not sufficiently obtained." Its worth noting that this is the first major penalty against a US company for violating GDPR rules. Google said that it is studying the decision to determine its next steps, per Washington Post. The penalty is the result of an investigation into two complaints filed by two privacy advocacy groups - None of Your Business (NOYB) and La Quadrature du Net (LQDN). The complaints were filed in May 2018, immediately after the GDPR came into effect. The groups claimed that Google did not have any legal basis to process user data for serving personalized ads, as mandated by the GDPR. Lack of transparency CNIL found that Google made it difficult for users to access information about data processing and data storage periods, and about how this data was used for ad personalization. "The relevant information is accessible after several steps only, implying sometimes up to 5 or 6 actions," CNIL noted. "Users are not able to fully understand the extent of the processing operations carried out by Google...the purposes of processing are described in a too generic and vague manner, and so are the categories of data processed for these various purposes." CNIL…
