The French Data Protection Commission (CNIL) has issued Google with a 50 million euro fine for breaching the European Personal Data Protection Regulations (GDPR).
Google’s fine for GDPR violation arose after complaints from the groups ‘None of your business’ (NOYB) and ‘La quadrature du net’. The latter backed by 10,000 Frenchmen. The groups filed the complaint against Google for not having consent to use personal data from users, particularly in connection to targeted ads.
The complainants occurred on 25th and 28th of May. The same time as the new GDPR rules were coming into force. The fine was issued based on two breaches of GDPR. Firstly, for the lack of transparency and information for users. And secondly, for the lack of access for users to see how Google used their data in connection with advertising.
In addition, CNIL decided that Google does not have the legal basis to make targeted, user-based advertising. This is in fact a cornerstone of Google’s entire business foundation.
According to CNIL, the big fine and the publication of it are both justified. This justification is based on the severity of the violations in relation to three of the basic principles of GDPR: transparency, information and consent. CNIL also emphasises that there are ongoing, extensive violations and not individual incidents.
Google has since responded to the 50 million euro fine by challenging the penalty. The grounds for this is that the process is “as transparent and straightforward as possible.”
Will more firms like Google be fined for GDPR violations? Only time will tell who will win out in the end.
