This is the biggest ever fine being enforced on a US-based tech, namely Google, for violating GDPR.
- The French data regulator has fined Google for not being transparent about its policies.
- CNIL has fined Google for failing to provide information retention period in some cases.
- CNIL has also fined Google for failing to obtain proper consent from users for personalized ads.
France’s data protection regulator, CNIL, has levied a fine of $57 million on Google for failing to comply with its data protection guidelines. This is the biggest ever fine being enforced on a United States-based tech company since the General Data Protection Regulation (GDPR) was enforced in the European Union (EU) in May 2018.
The French watchdog said that the search engine giant was being fined for two types of breaches under the GDPR. The regulator said that Google lacked transparency and that it didn’t made it easy for its users to determine how their personal data was being processed by the company. The regulator said that the relevant information, such as the data collected for the geo-tracking service or for personalisation purpose, was accessible only after several steps and that “some information was not always clear nor comprehensive”.
The regulator also said that besides being vague in describing the way it processed the user data, the Mountain View, California based company also failed to provide the information retention period in some cases.
In the second set of GDPR violations, CNIL said that the tech giant didn’t obtain proper consent from its users to process their data for providing personalised ads. “The restricted committee observes that the users’ consent is not sufficiently informed…The information on processing operations for the ads personalization is diluted in several documents and does not enable the user to be aware of their extent,” the French watchdog observed.
For those of you who are unaware about the data protection guidelines that came into force in the EU last year, here are quick brief. The European Union adopted a set of strict guidelines to protect user data within its territory. These guidelines are some of the toughest regulations in the world and they enable the local data regulator to levy a fine of up to four per cent of a company’s global revenue. Additionally, they give the EU better control over their data, which includes right to knowing the data being collected about them by various entities and the right to be forgotten.
Meanwhile, Google, responding to the fine has said that it is committed to meeting GDPR norms. “We’re deeply committed to meeting those expectations and the consent requirements of the GDPR,” a Google spokesperson said, as reported by Reuters.