Google hit with $57 million GDPR penalty by french watchdog CNIL


CNIL has issued a penalty of $57 million against Google for violating Europe’s strict new data privacy laws. The agency accuses Google of not fully disclosing to users how their personal data is collected nor how the data is eventually used. It further accuses Google of not properly obtaining user consent for showing them personalized ads.

This comes as an effect for violating Europe’s new General Data Protection Regulation (GDPR). The GDPR is the world’s first major attempt to regulate firms like Google, Facebook, Amazon, etc. It focuses these companies to examine their own policies surrounding user data collection. Though Google has made enough changes to its platform to align with the GDPR, the agency says that Google hasn’t done enough.

Google states that it obtains the user’s consent to process the data for personalized ads. However, the restricted committee considers that the consent is not validly obtained for two reasons. First, user consent is not sufficiently informed. The information on processing operations for the ads personalization is diluted in several documents and does not enable the user to be aware of their extent. Then, the restricted committee observes that the collected consent is neither “specific” nor “unambiguous.”

CNIL in a statement said: “the infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services, and almost unlimited possible combinations.” However, Google is yet to respond on the fine.

Source