Google fined $57 million for lack of transparency

Share

The agency also accused Google of not properly obtaining user consent for showing them personalized ads.

Max Schrems and his None Of Your Business (NOYB) non-profit had been first off the blocks, complaining against Google and Facebook minutes after the GDPR took effect on May 25th.

They said Google had made it too hard for users to understand and manage preferences on how their personal information is used, in particular with regards to targeted advertising.

In addition, the CNIL said users "are not fully able to understand" the extent of Google's data processing, which is described as "massive and intrusive" given the number of services - 20 - offered and the sheer volume of data involved.

Google did not immediately respond to Ars' request for comment, but it told The Washington Post in a statement that it is "deeply committed to meeting those expectations and the consent requirements of the GDPR".

The commission said Google users were "not sufficiently informed" about what they were agreeing to as the company collected data for targeted advertisements.

While the number looks over-the-top, CNIL says that the fine was decided "by the severity of the infringements observed, " as well as Google's position in the French market.

'We're studying the decision to determine our next steps'.

Congress prepares to skip planned recess if shutdown goes on
The Democrats in the House of Representatives have refused to include the money in the 2019 budget, saying the wall is "immoral". Trump's claim that rank-and-file Democrats looking to make a shutdown deal are being held back by party leaders.

According to CNIL, Google's violations center around the ambiguity of information presented to users about their data collection and usage, as well as failure to include information about the data retention period for some information. "It is important that the authorities make it clear that simply claiming to be complaint is not enough".

The European Union's General Data Protection Regulation gives Europeans more control over their information and how companies use it.

"Following the introduction of GDPR, we have found that large corporations such as Google simply "interpret the law differently" and have often only superficially adapted their products". However, the GDPR provides that the consent is "specific" only if it is given distinctly for each objective.

The committee found that information on personal data used for the ads personalization were spread across several documents, with buttons and links on which it is required to click to access complementary information.

Users are also unable to understand that Google is relying on consent as the legal basis for processing under GDPR, rather than the legitimate interest of the company.

"Each day thousands of French users create a Google account on their smartphones", the CNIL said. That's not the end of the story.

Google has kicked off 2019 by getting hit with yet another multimillion-dollar fine from a European regulator. Ultimately, the GDPR's power is not just about monetary penalties, but forcing changes to business models.

Share