Google Fined $57 million in France for Breaching EU Data Protection Rules

Search engine giant Google has been fined $57 million dollars (£44 million or €50 million) by the National Commission for Informatics and Liberties (CNIL) for breaching the EU’s data protection rules.

The hefty fine comes after entertainment streaming companies, including other major names such as Amazon, Spotify, Netflix and Apple were accused of breaking the EU’s data regulations.

Rules from the General Data Protection Regulation (GDPR), state that EU customers have the right to access a copy of the personal data that companies have on them, and this law came into effect in May of 2018.

However, privacy organisation noyb said that it found most of these big streaming companies did not fully adhere to these rules. It has since filed formal complaints, which could result in large fines if upheld, which was the case with Google.

So, we could be seeing hefty fines arriving for the biggest tech companies around, with regulators able to impose fines of 4% of global revenue for any such violations.

The French regulator said it has issued the fine against Google for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”.

It also added that it judged that people were “not sufficiently informed” about how Google collected data to personalise advertising.

Google are being sued for breaching data protection rules, on what they know about users data. Credit: Tech News Today

Complaints against Google were filed in May last year by both noyb and another privacy rights group, La Quadrature du Net (LQDN). The first complaint was filed under the GDPR legislation on May 25th, the very day it took effect.

Both groups complained that Google did not have a valid legal basis to process user data for ad personalisation, which is mandatory under the GDPR.

While Google’s European headquarters is in Ireland, authorities decided that the case would be handled by the French data regulator as the Irish watchdog didn’t have the “decision-making power” over its Android operating system and its services.

CNIL said Google had not acquired clear consent to process data because “essential information” was “disseminated across several documents”.

“The relevant information is accessible after several steps only, implying sometimes up to five or six actions,” CNIL stated. “Users are not able to fully understand the extent of the processing operations carried out by Google.”

The matrix of modern day privacy on online user data is constantly being challenged in the age of information, as technology has advanced faster than many new laws on privacy can keep up. Credit: Entrepreneur

It also added that Google had failed to acquire a valid legal basis to process user data.

“The information on processing operations for the ads personalisation is diluted in several documents and does not enable the user to be aware of their extent” it added.

Google also has an option to personalise ads when creating an account, an option which is “pre-ticked” and does not respect the GDPR rules.

“The user gives his or her consent in full, for all the processing operations purposes carried out by Google based on this consent (ads personalisation, speech recognition, etc).

“However, the GDPR provides that the consent is ‘specific’ only if it is given distinctly for each purpose.”

In a responding statement, Google said: “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR.”

There’s currently a war going on over users data privacy, with big tech companies and new EU laws clashing against each other. Credit: Composity

Sonia Cissé, Managing Associate at Linklaters said the following about the Google fine, “It’s more than just a significant amount of money, this sanction is particularly detrimental to Google as it directly challenges its business model and will, in all likelihood, require them to deeply modify their provision of services.”

Google’s large fine will be sending reverberations around Silicon Valley today, with emphasis on being transparent on users data and privacy becoming ever more clearer than before.

As for Netflix, Apple, Amazon and Spotify, no fines have been placed as of yet, so either they’ve been proved not to have breached GDPR rules, or they haven’t been investigated to the fullest degree just yet.

Surely, there should be no grey area within regard to user privacy, as in the age of information, newer laws and privacy regulations have caught up to the previous lack of data privacy of its users and specifically to that of the breaches of data privacy, that’s been occurring just about everywhere in regards to the big tech companies taking advantage of users’ online data.

Seemingly, those days are now over, or at least we can hope so, especially since some of these big tech firms, have now become stand alone monopolies.


Story by Emily Clark

Featured Photo Credit: HackRead 

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top