French authorities have fined Alphabet’s Google (NASDAQ: GOOGL) nearly USD 57 Million for violating Europe’s new data-privacy regulations. Google is the first major U.S. tech company to be penalized since these regulations were implemented by the General Data Protection Regulation (GDPR) in 2018.
The CNIL, France’s top data-protection agency, said on Monday that it will be imposing a penalty of 50 Million euros (USD 57 Million) against Google for violating obligations of transparency, information and valid consent, specifically for the use of ad personalization.
Initial complaints were received by the CNIL back in May 2018. Two separate associations, None of Your Business and La Quadrature du Net, claimed Google had no legal basis to process personal user data for the use of ad personalization.
The CNIL began its online inspection in September 2018 to verify the agreement of Google processing operations with the French Data Protection Act and the GDPR. Two types of breaches of the GDPR were documented.
A CNIL committee identified that information provided by Google is not easily accessible for users. Information such as data processing purposes, data storage periods, and the categories of personal data used for ad personalization, is only accessible after multiple steps requiring access to several documents or links. The committee observed that the extent of Google’s processing operations is also not adequately communicated to users.
Google claims that it obtains consent from users to process data for ad personalization purposes. The CNIL committee, however, declared the consent is not validly obtained. Information regarding processing operations for the purpose of ad personalization is split among several documents.