Google has been fined €50 million for breaking EU privacy laws in the first case of a US tech giant being caught under Europe's tough new data protection rules.
France’s data protection office (CNIL) found the US search engine guilty of breaking EU privacy laws by failing to obtain adequate consent from users when processing their data for the purpose of personalised advertising. The regulator also found Google did not provide clear and easily accessible information to consumers about how their information is collected and held.
“Despite the measures implemented by Google (documentation and configuration tools), the infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations”, said the CNIL.
The French move is the first major case of a fine being issued under the EU’s stringent General Data Protection Regulation (GDPR) introduced last year. Under the GDPR, EU regulators have the power to fine companies as much as €20 million or 4 per cent of their annual turnover – whichever is largest.
Max Schrems, a high-profile Austrian activist who has campaigned on data privacy issues for a number of years and is chairman of NOYB, said: “We are very pleased that for the first time a European data protection authority is using the possibilities of GDPR to punish clear violations of the law.
“Following the introduction of GDPR, we have found that large corporations such as Google simply ‘interpret the law differently’ and have often only superficially adapted their products. It is important that the authorities make it clear that simply claiming to be compliant is not enough.” – Copyright The Financial Times Limited 2019