The French data protection watchdog CNIL announced a fine of 50 million euros ($57 million) for US search giant Google under GDPR.
On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the adspersonalization. reads the press release published by the CNIL.
The investigation conducted by the French watchdog was started with two complaints against Google by the non-profit organizations None Of Your Business (NOYB) and La Quadrature du Net (LQDN).
Both organizations filed a complaint against Facebook in May.
The CNIL condemned Google for the violation of transparency and consent rules under the EU GDPR,
The search engine giant made it difficult for its users to find and manage preferences on data processing purposes, data retention, in particular with regards to targeted advertising.
Google has intentionally disseminated this information among too many documents, access them required up to 6 separate actions.
Anyway, the CNIL confirmed that that information is not always clear nor comprehensive.
Users are not able to fully understand the extent of the processing operations carried out by Google, the Commission says. Similarly, the information communicated is not clear enough so that the user can understand that the legal basis of processing operations for the ads personalization is the consent and not the legitimate interest of the company.
Google was also condemned because it does not obtain its user’s explicit consent to process data for targeted advertising.
the user not only has to click on the button “More options” to access the configuration, but the display of the ads personalization is moreover pre-ticked. However, as provided by the GDPR, consent is “unambiguous” only with a clear affirmative action from the user (by ticking a non-pre-ticked box for instance).
Are 50 euros million a big fine?
Absolutely no in comparison to the fines allowed by GDPR that could be also of 4 percent of the company’s annual global revenue.
Google has contested the decision of the French watchdog, it said that it should not apply only to the global Google.com domain.