On Monday, France’s privacy watchdog, CNIL, announced it had fined Google 50 million euros due to the tech giant’s violation of the recently enacted General Data Protection Regulation (GDPR).
The hefty fine was levied against Google as a result of "lack of transparency, inadequate information and lack of valid consent regarding the ads personalization."
GDPR went into effect last spring across the European Union. The law gives Europeans more control over how their personal data is collected and processed by companies online. It includes significant fines for companies that are found to be in violation of its strict data protection rules. Even though Google is an American company, it is still obligated to comply with GDPR since it serves millions of users in the EU and the regulation covers all Europeans.
One of the fundamental rights covered by GDPR is a person's right to access the personal data that a company stores on them, as well as information regarding data processing, including exactly what data is being processed, for how long, and for what purpose. All of this information must be provided to the data subject in a clear, concise, legible, easy-to-understand, and easy-to-access manner.
The CNIL alleges that Google violated this right protected by GDPR as it found that Google made it unnecessarily difficult for a user to access information about the way the company collects and processes their data. The privacy watchdog explains that, "essential information, such as the data processing purposes, the data storage periods or the categories of personal data used for the ads personalization, are excessively disseminated across several documents, with buttons and links on which it is required to click to access complementary information. The relevant information is accessible after several steps only, implying sometimes up to 5 or 6 actions."
The CNIL found that Google did not validly obtain user consent to opt in for data collection related to ad personalization. This allegation stems from the CNIL’s opinion that, "the information on processing operations for the ads personalization is diluted in several documents and does not enable the user to be aware of their extent," and that "the collected consent is neither specific nor unambiguous."
Though Google is likely to appeal the fine, this legal action by the CNIL shows that the EU’s GDPR regulations are not to be messed with by any company that does business in Europe. This is welcome news to privacy advocates and consumers concerned about their digital privacy. It shows that government agencies are cracking down on companies that are cutting corners and not abiding by strict data protection regulations.
If you are concerned about your online privacy and protecting your personal data, consider using a VPN. The top VPNs on the market today will encrypt all of your internet traffic and help keep your personal data safe and sound as you browse the web.