Google fined $57M after France finds violations of new European Union privacy law

France uses new EU data law to fine Google €50 million

Google fined $57M after France finds violations of new European Union privacy law

Today, France's top data-privacy agency, known as the CNIL, issued the very first major penalty against a USA company for violating Europe's strict new data privacy laws, via The Washington Post.

The National Data Protection Commission said it fined the US internet giant for "lack of transparency, inadequate information and lack of valid consent" regarding ad personalization for users.

Once the General Data Protection Regulation, known as GDPR for short, went into effect in Europe previous year, it was regarded as only a matter of time before regulators there would use the stricter privacy framework to push back on tech giants in a way that's not happening in the US. Implemented in 2018, the sweeping new privacy rules have set a global standard that has forced Google and its tech peers in Silicon Valley to rethink their data-collection practices or risk sky-high fines.

Secondly, even though Google says that it asks for its users' consent before processing data meant for ads personalization, CNIL's restricted committee found that is not the case given that users are not sufficiently informed during this process and the consent is neither "specific" nor "unambiguous", as required by the GDPR.

The commission acted on complaints by two data protection advocacy groups, NOYB.EU and La Quadrature du Net, filed immediately after GDPR took effect.

"The relevant information is accessible after several steps only, implying sometimes up to 5 or 6 actions", CNIL said.

In a statement obtained by ABC News, a Google spokesperson said the company is "studying the decision" to determine its next steps.

Google, for its part, acknowledged that "high standards" of transparency and control are expected of the company by the public and that Google is "committed to meeting those expectations and the consent requirements of the GDPR". The penalty is also connected to the way the French agency sees Google as not being clear enough in a broad sense about how user data is collected and how it's subsequently used.

Google has yet to issue a statement on the fine.

"The purposes of processing are described in a too generic and vague manner, and so are the categories of data processed for these various purposes", the CNIL added.

"The information on processing operations for the ads personalisation is diluted in several documents and does not enable the user to be aware of their extent", it said. Google also pre-ticks the boxes through which people agree to ad-personalisation.

"We are very pleased that for the first time a European data protection authority is using the possibilities of GDPR to punish clear violations of the law", Schrems said in a statement Monday.

French regulators began investigating Google on May 25 - the day GDPR went into effect - in response to concerns raised by two groups of privacy activists.

Latest News