France fines Google $57 million for breaking Europe's strict new privacy rules

Advertisement
France fines Google $57 million for breaking Europe's strict new privacy rules

Sundar Pichai

AP

Google CEO Sundar Pichai.

Advertisement
  • France's data regulator has fined Google €50 million ($57 million) for breaching European privacy rules.
  • The regulator, CNIL, said Google didn't properly explain how or why it collects people's data.
  • CNIL also said Google didn't obtain proper consent to target ads at its users.
  • This is the first major test of Europe's privacy rules, which gives local regulators the power to impose fines running into the many millions of dollars.

Google has been fined €50 million ($57 million) by the French privacy watchdog for breaching Europe's strict new privacy rules, the GDPR.

France's data watchdog CNIL used its powers under GDPR to levy a considerably higher fine on Google than it could before. CNIL said Google doesn't clearly tell its users what it does with their personal data, and that its methods of gathering information are "particularly massive and intrusive."

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

CNIL also said Google doesn't properly ask for users' consent to target them with personalised ads.

Read more: Sheryl Sandberg gave an unconvincing speech about privacy just when she needed to sound sincere

The fine is a major test for the privacy rules, which came into effect across Europe on May 25 and gives data regulators the power to impose big fines. Authorities can fine entities up to €20 million or 4% of turnover, whichever is greater. The French case shows authorities are not afraid to impose substantial penalties.

Advertisement

It's possible Google will appeal the decision.

CNIL's investigation was triggered by privacy activist Max Schrems, who has filed multiple lawsuits against major tech firms, and French privacy group La Quadrature du Net.

Schrems said in a statement: "We are very pleased that for the first time a European data protection authority is using the possibilities of GDPR to punish clear violations of the law. Following the introduction of GDPR, we have found that large corporations such as Google simply 'interpret the law differently' and have often only superficially adapted their products.

"It is important that the authorities make it clear that simply claiming to be compliant is not enough. We are also pleased that our work to protect fundamental rights is bearing fruit. I would also like to thank our supporters who make our work possible."

A Google spokesman told Bloomberg: "People expect high standards of transparency and control from us. We're deeply committed to meeting those expectations and the consent requirements of the GDPR. We're studying the decision to determine our next steps."

Advertisement
{{}}