Skip to main content

Google hit with record fine for European privacy law violations

1/22/2019
Google has run afoul of European Union regulations protecting consumer privacy.

The National Data Protection Commission, a French regulatory body, is fining Google $57 million for what it says are violations of the European Union (EU) General Data Protection Regulation (GDPR). This is the highest GDPR-related fine that has been issued since the law went into effect in May 2018.

Specifically, the commission cites “lack of transparency, inadequate information and lack of valid consent” in how Google collects and uses consumer data to personalize the ads users see.

In September 2018, the commission responded to complaints initially filed by European consumer advocacy groups in May 2018 with an investigation. The investigation found that Google did not make essential information, such as the purposes for processing of user data or the categories of personal information used for ad personalization, readily available. Relevant information took as much as five or six individual clicks to find.

In addition, the investigation found some information is not always clear or comprehensive, and that Google does not sufficiently inform users about how their data is processed for them to give informed consent. Furthermore, the commission said the violations are continuous breaches that are still occurring. The commission cited the severity and ongoing nature of the violations in its decision to levy such a large fine.

Google has not yet issued an official response to the decision. However, a Google spokesperson told CNET, “People expect high standards of transparency and control from us. We're deeply committed to meeting those expectations and the consent requirements of the GDPR. We're studying the decision to determine our next steps."

The full statement from the National Data Protection Commission is available here.
X
This ad will auto-close in 10 seconds