France fines Google €50 million in landmark GDPR caseStaff Writer | January 21, 2019
France's regulatory body dealing with data privacy has fined Google €50 million regarding advertisers’ access to users' personal data.
Europe It marks the first time the CNIL has used the EU's GDPR
It marks the first time the CNIL has used the EU's strict General Data Protection Regulation (GDPR).
The authority said Google did not take appropriate measures when asking users for their data.
"The restricted committee observes that the users’ consent is not sufficiently informed," the CNIL wrote in a statement.
It added that "the collected consent is neither 'specific' nor 'unambiguous',” because it was difficult for users to modify preferences on where their data was used, particularly concerning targeted ads.
"The user not only has to click on the button 'More options' to access the configuration, but the display of the ads personalization is moreover pre-ticked," the body wrote.
Two advocacy groups, None Of Your Business (NOYB) and La Quadrature du Net (LQDN), filed group complaints with the CNIL in May 2018. LQDN filed on behalf of 10,000 individuals.
The organisations "reproach GOOGLE for not having a valid legal basis to process the personal data of the users of its services, particularly for ads personalization purposes."
The CNIL launched an investigation "immediately" after these complaints were submitted.
"The amount decided and the publicity of the fine are justified by the severity of the infringements observed regarding the essential principles of the General Data Protection Regulation (GDPR): transparency, information and consent," the regulatory organisation said.
"Moreover, the violations are continuous breaches of the Regulation as they are still observed to date. It is not a one-off, time-limited, infringement." ■