French Watchdog Hits Google with Record $57 Million GDPR Fine
The record-setting GDPR fines keep rolling in. On Monday, France’s National Data Protection Commission (CNIL) said it has fined Google some 50 million euros (just shy of $57 million USD) for “lack of transparency, inadequate information, and lack of valid consent” with regard to ad personalization.
The filing comes after the organization received complaints from two associations—None Of Your Business (NOYB) and La Quadrature du Net (LQDN). In both instances, Google was said to have not had a “valid legal basis to process the personal data of the users of its services,” particularly in relation to personalized ads on their services. Those complaints were initially filed back in late May, right around the time that GDPR officially went into law in Europe. CNIL said that it began investigating the claims almost immediately.
In its statement, CNIL made fairly clear just how nitpicky these GDPR watchdogs are going to be when it comes to how they handle these cases and how they determine whether or not an organization is compliant with the consumer privacy rules. Sure, Google may have had all of the necessary statements and disclosures available to the public across their various platforms and services. However, as CNIL points out, “Essential information … are excessively disseminated across several documents, with buttons and links on which it is required to click to access complementary information.” In fact, they said, it could sometimes take up to five or six actions in order to obtain the information necessary.