French regulatory body fines Google €50 million for GDPR violations
A French regulator has announced that Google will be hit with a financial penalty of €50 million for issues in regard to the newly implemented GDPR. The regulation was brought into force on May 25, 2018 and CNIL (National Data Protection Commission) immediately received complaints in regard to Google’s services.
The statement issued by CNIL has focused on two specific violations: the obligation of transparency and information, and the obligation to have a legal basis for ads personalization processing. The report claims that Google provided unclear information about what would happen to a user’s data, and the committee also argued that the search engine giant had not obtained proper user consent to process data for ads personalization in a valid manner. For instance, an option box for choosing whether to display personalized ads was already pre-ticked, which takes the action away from the user.
Although Google’s European HQ is actually based in Ireland, it was left for France’s CNIL body to deal with the situation as it has the appropriate decision-making authority required for this case. It has been reported that Google is “studying the decision,” but the company has previously admitted it would comply with GDPR rules.