What just happened? Google has been hit with a $57 million fine by France’s CNIL data protection watchdog for violating the EU’s General Data Protection Regulation (GDPR).
The CNIL said it was fining Google for making its data collection policies too difficult to access, meaning users struggle to find information “such as the data-processing purposes, the data storage periods or the categories of personal data used for the ads personalization.” The company also failed to obtain specific user consent for ad personalization.
“As provided by the GDPR, consent is ‘unambiguous’ only with a clear affirmative action from the user (by ticking a non-pre-ticked box for instance).”
The CNIL added that Google split essential information across several documents, which was sometimes only accessible following 5 or 6 actions. “For instance, this is the case when a user wants to have a complete information on his or her data collected for the personalization purposes or for the geo-tracking service.”
Google’s violations are said to be on-going and “not a one-off, time-limited, infringement."
"Following the introduction of GDPR, we have found that large corporations such as Google simply ‘interpret the law differently’ and have often only superficially adapted their products. It is important that the authorities make it clear that simply claiming to be compliant is not enough," said Max Schrems, Chairman of watchdog noyb. The organization, which is an acronym for None Of Your Business, filed four complaints over “forced consent” when GDPR came into effect in May last year. Schrems is also going after Apple, Amazon, and other companies for GDPR violations.
Back in November, it was reported that US legislators were looking to draft a GDPR-like bill early this year.
Google says it is "deeply committed" to transparency and control and was "studying the decision" before deciding what action to take next.