France’s data watchdog has issued a €50 million fine (about $56.8 million USD) to Google for failing to comply with GDPR, it announced on Monday.
The National Commission on Informatics and Liberty (CNIL) said Google made it impossible for users to understand and manage preferences on how their personal information is used, in particular with regards to ads personalization.
The fine marks the first time a major tech company has been penalized under GDPR.
The General Data Protection Regulation (GDPR), which went into effect on 25 May 2018 is a regulation in the EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
Complaints against Google were filed with the CNIL on the day the legislation took effect by two privacy rights groups – None of Your Business (NYOB) and La Quadrature du Net (LQDN). France’s LQDN filed on behalf of 10,000 signatories, while the NYOB was created by the Austrian privacy activist Max Schrems.
Under the GDPR regulation, companies are required to get a user’s “genuine consent” before collecting their information. Thus, making consent an explicitly opt-in process that’s easy for people to withdraw.
Schrems has accused Google of securing forced consent via Android Mobile operating software through the use of pop-up boxes online or on its apps which imply that the services will not be available until the user accepts its conditions of use.
Last week, Apple CEO Tim Cook wrote an op-ed in Time magazine where he suggested similar data privacy laws be established in the United States.
The €50 million fine might seem like a huge sum, but it’s not as high as GDPR fines can get. Regulatory fines for non-compliance are either a fine of up to €10m or 2% of turnover, or up to €20m or 4% of annual global turnover. For companies like Google and Facebook, the fines could go into billions.