French data regulator CNIL has fined Google £44 Million for breaking the EU’s data protection rules.
The GDPR has been law for almost 8 months and we have already seen a huge fine given to one of the “big fish”.
Two French privacy rights groups filed complaints against Google just one day after the GDPR became law. Their reason? They filed the lawsuit against Google for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”.
Personalised ads are being used by many web companies now. They collect your data to create ads they believe are more relevant to you based on things like your browsing history.
Google claimed that users provide consent when creating a Google account. “The user gives his or her consent in full, for all the processing operations purposes carried out by Google based on this consent (ads personalisation, speech recognition, etc).”
However, the French data regulators CNIL found that the consent was “pre-ticked” which was against GDPR rules. GDPR also states that consent is ‘specific’ only if it is given distinctly for each purpose. Which means that Google should have asked for consent for each individual piece of data they wanted to process.
In a statement, Google said: “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR.”
The GDPR was introduced in May 2018 and has been noticeable not by the large fines that were widely anticipated to become common place but rather by the lack of fines that have been given. Googles £44m is a gentle reminder of the possible repercussions of failing to adhere to the GDPR and not showing due respect to peoples’ data privacy.