Digital Marketing & Ad Tech News

Google gets a $57 million fine from France for GDPR violations

France used new powers from GDPR to levy a larger penalty
Published on January 21, 2019.
Gift Article
Gift Article. 10 Remaining As a subscriber, you have 10 articles to gift each month. Gifting allows recipients to access the article for free.
READ THIS NEXT   
How to create a marketing playbook that builds on what already works
Credit: Krisztian Bocsi/Bloomberg

Alphabet Inc.'s Google received a hefty fine of $56.8 million from France's privacy regulator, which used its new powers to levy much higher penalties for the first time under European Union data protection rules.

France's data authority CNIL said the amount of the fine was "justified by the severity of the infringements observed regarding the essential principles" of the EU's General Data Protection Rules, or GDPR. They are "transparency, information and consent," it said Monday in a statement.

The EU rules took effect across the 28-nation bloc on May 25, and gave national privacy regulators equal powers to fine companies as much as 4 percent of global annual sales for the most serious violations. Google has come under CNIL's scrutiny many times before, but under the old rules, fines couldn't exceed the maximum of 150,000 euros. While this is the first time CNIL has benefited from the new rules, several other countries have issued fines.

The decision can be appealed. It was triggered by two complaints, one from noyb, a group created by Austrian privacy activist Max Schrems. Google was accused of forcing users to agree to new privacy policies.

"People expect high standards of transparency and control from us," Google said in an emailed statement. "We're deeply committed to meeting those expectations and the consent requirements of the GDPR. We're studying the decision to determine our next steps."

Schrems said his group is "very pleased" to see the new EU rules being applied. "It is important that the authorities make it clear that simply claiming to be compliant is not enough."

CNIL said it found two types of violations of EU law, one for lack of transparency and information, the other for not having a legal basis to process user data for personalized advertisements.

"Despite the measures implemented by Google (documentation and configuration tools), the infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations," CNIL said.

The breach also "is not a one-off, time-limited, infringement," it said.

The decision comes just days after noyb filed a new series of privacy complaints across Europe, this time targeting companies that include Google's YouTube, Amazon.com Inc., and Netflix Inc.

--Bloomberg News

In this article:

Most Popular

WHAT TO READ NEXT

Google Cloud, looking to invade Amazon's turf, inks deal with OpenX

Google Cloud, looking to invade Amazon's turf, inks deal with OpenX
Salesforce moves to provide analytics for 'consumer journeys'

Salesforce moves to provide analytics for 'consumer journeys'
Spotify and Pandora duke it out for podcasting prominence

Spotify and Pandora duke it out for podcasting prominence
Netflix CEO interrupts quarterly earnings with product placement

Netflix CEO interrupts quarterly earnings with product placement
Netflix crowns itself king of TV, but loses to 'Fortnite'

Netflix crowns itself king of TV, but loses to 'Fortnite'
Snapchat CFO departs after less than a year on the job

Snapchat CFO departs after less than a year on the job
Roku pulls new Alex Jones and InfoWars channel after backlash

Roku pulls new Alex Jones and InfoWars channel after backlash
Amazon launches new IMDb that has free movies, shows

Amazon launches new IMDb that has free movies, shows