Bon appétit. The French Data Protection Commission nationale de l’informatique et des libertés, CNIL, has issued a $57 million fine for Google for breaching the European Personal Data Protection Registry GDPR.
The fine arises from complaints from the group, None of your business (NOYB), and La quadrature you net – backed up by 10,000 frenchmen. The groups filed the complaint against Google for not having consent to use personal data from users, particularly for targeted ads.
The complainant was registered respectively on the 25th and 28th of May, simultaneously with the GDPR coming into force. The fine is issued based on two breaches of the GDPR. Firstly for the lack of transparency and information towards the users, and secondly because users have not had enough access to see how Google used their data in connection with advertising.
In addition, CNIL decided that Google does not have the legal basis for targeting user-based advertising, which is a cornerstone of Google’s entire business foundation.
According to the CNIL, the big fine and the publication of it are justified by the severity of the infringements in relation to three of the basic principles of the GDPR. Transparency, information and consent. The CNIL also emphasizes that there are ongoing, extensive infringements and not individual incidents.
Google has since responded to the $57 million fine by challenging the penalty. The grounds for this is because they argue that the process is “as transparent and straightforward as possible.”
Time will only tell how Google and inveitably, other big players will respond to allegations of data breaches and who will win out in the end.