France fines Google $57 million for European privacy rule breach

The outside of the Google offices in New York

France's data privacy watchdog fined Google 50 million euros ($57 million) on Monday, the first penalty for a US tech giant under new European data privacy rules that took effect a year ago.

France's top data-privacy agency, known as the CNIL, said Monday that Google failed to fully disclose to users how their personal information is collected and what happens to it. Google also did not properly obtain users' consent for the objective of showing them personalized ads, the watchdog agency said.

French regulators said Google's business practices had run afoul of Europe's new General Data Protection Regulation.

Google did not immediately respond to Ars' request for comment, but it told The Washington Post in a statement that it is "deeply committed to meeting those expectations and the consent requirements of the GDPR".

"We're studying the decision to determine our next steps", it said. "It is important that the authorities make it clear that simply claiming to be compliant is not enough", he said.

The regulator said it was Google's "utmost responsibility to comply with the obligations on the matter".

That lack of clarity meant that users were effectively unable to exercise their right to opt out of data-processing for personalisation of ads.

'People expect high standards of transparency and control from us.

CNIL took the lead on the investigation because, while Google's European Union headquarters are in Ireland, it has no decision-making power when it comes to how Google treats people's data.

The CNIL said Google made it too hard for users to understand and manage preferences on how their personal information is used, in particular with regards to targeted advertising. For that reason, the fine actually targeted Google LLC, in the US.

Even though many tech multinationals like Google are headquartered in the USA, they still have to comply with the new rules because they have millions of users in Europe.

"The purposes of processing are described in a too generic and vague manner, and so are the categories of data processed for these various purposes", the CNIL added.

Additionally, the regulator said Google had failed to obtain a valid legal basis to process user data. Google also pre-ticks the boxes through which people agree to ad-personalisation. Now that the new, EU-wide law is in place, the maximum is €20 million or 4% of global annual revenues.

The CNIL said the fine, the biggest handed out for a data protection violation and the French agency's first penalty under GDPR, are "justified by the severity of the infringements".

Related:

Comments

Latest news

Ariana Grande Targeted for Potential Plagiarism
In a quote of one of Grande's now deleted tweets, Soulja tweeted, " You're a thief ". A fellow rapper who goes by the name Princess Nokia has accused Ariana of cheating.

China economy: Fourth quarter growth slips to 6.4%
Growth in the fourth quarter came in at 6.4 percent, down from 6.5 percent seen in the third quarter, the NBS said . Trump and Chinese President Xi Jinping agreed to halt any further tariff increases for 90 days beginning January 1.

Downing Street rejects claim PM wants to change Good Friday Agreement
Crashing out, in my view.is an absolute disaster - it's not a road to a free trade agreement, it's not a road to anything. A spokesman told reporters: "Don't look for answers from Brussels". "This is the moment for London to speak".

Kamala Harris Is Running For President In 2020
Her slogan will be "For the People", in a nod to Harris' roots as a prosecutor, aides said. Tulsi Gabbard, D-Hawaii, and former Housing and Urban Development Secretary Julian Castro.

Emotional Lowry Birdies 18 to Win Abu Dhabi By One SHot
Shane Lowry made birdie on the last hole to finish off a wire-to-wire victory in the Abu Dhabi Championship. Dutchman Joost Luiten was third on 15-under while Louis Oosthuizen was one shot and one place below him.

Other news