Google cops $79 million fine for breaching GDPR

France's data protection commission fines the digital giant 50 million Euros, the first time a company has been penalised under the General Data Protection Regulation in Europe

France’s data protection authority has fined Google a hefty 50 million Euros (AUD$79.4 million) for breaches of the General Data Protection Regulation (GDPR), the first fine to be levied since the act came into effect in May 2018.

The National Data Protection Commission (CNIL) has charged Google with violating transparency and information rules around user information, as well as a lack of valid consent around ad personalisation. Specifically, the group has said Google’s information to users about how data is being used is neither clear nor comprehensive, while the structure of information does not enable it to comply with GDPR.

The fine follows an eight-month investigation by CNIL, which initially kicked off in June last year following two complaints made by associations, None Of Your Business (NOYB) and La Quadrature du Net (LQDN), the latter mandated by 10,000 people to present the case. Both related to Google’s lack of clarity around consumer data utilisation for advertising purposes.

In September, CNIL said it carried out online inspections to verify whether Google was complying with operational protocol as set out by GDPR. Off the back of this, the regulation authority identified two breaches: Lack of transparency; and lack of legal basis for ad personalisation processing.

Specifically, Google’s user consent processes around personal data were found to be invalid because users were not given sufficient information. In addition, CNIL said information was being collated in a way that didn’t allow users to be aware of the extent of data being deployed for ad personalisation purposes.

“Despite the measurements implemented by Google [documentation and configuration tools] the infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life, since they are based on a huge amount of data, a wider variety of services and almost unlimited possible combinations,” the statement read.   

“For example, in the section ‘ads personalisation’, it is not possible to be aware of the plurality of services, websites and applications involved in processing operations [Google Search, YouTube, Google Home, Google Maps, Playstore, Google pictures] and therefore the amount of data processed and combined.

“Then, the restricted committee observes the collected consent is neither ‘specific’ nor ‘unambiguous’.

It’s the first time CNIL has imposed a financial penalty under the GDPR. And its stance and fine should be seen as a warning to other organisations to take heed of the regulations or risk significant financial and brand risk.

“The amount decided and the publicity of the fine, are justified by the severity of the infringements observed regarding the essential principles of the GDPR: Transparency, information and consent,” CNIL stated.

“Moreover, the violations are continuous breaches of the regulation as they are still observed to date. It is not a one-off, time-limited infringement.”

A Google spokesperson said the digital giant is now studying the decision to determine its next steps.

“People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR,” the spokesperson said.

GDPR was formally introduced across the European Union in May 2018 and is one of the most significant data privacy reforms to come out in years. The ambition is to give users more rights to protect their personal data, and the regulation covers concepts such as ‘right to be forgotten’, data breach accountability and data portability.

Follow CMO on Twitter: @CMOAustralia, take part in the CMO conversation on LinkedIn: CMO ANZ, join us on Facebook: https://www.facebook.com/CMOAustralia, or check us out on Google+: google.com/+CmoAu  

 

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments

Latest Videos

Conversations over a cuppa with CMO: ABC's Leisa Bacon

In this episode of Conversations over a Cuppa with CMO, ABC's director of audiences, Leisa Bacon, shares how she's navigated the COVID-19 crisis, the milestones and adaptability it's ushered in, and what sustained lessons there are for marketers as we start to recover.

More Videos

Hi everyone! Hope you are doing well. I just came across your website and I have to say that your work is really appreciative. Your conte...

Rochie Grey

Will 3D printing be good for retail?

Read more

Zero proof spiritsUsa since 2011 www.arkaybeverages.com🤪🤟

Sylvie

How this alcohol-free spirits brand rode the health and wellness wave

Read more

okay this a good newsmaybe i gonna try it

kenzopoker1

CMO's top 8 martech stories for the week - 9 July 2020

Read more

Very insightful. Executive leaders can let middle managers decide on the best course of action for the business and once these plans are ...

Abi TCA

CMOs: Let middle managers lead radical innovation

Read more

One failing brand tying up with another failing brand!

Realist

Binge and The Iconic launch Inactivewear clothing line

Read more

Blog Posts

MYOD Dataset: Building a DAM

In my first article in this MYOD [Make Your Organisation Data-Driven] series, I articulated a one-line approach to successfully injecting data into your organisation’s DNA: Using a Dataset -> Skillset -> Mindset framework. This will take your people and processes on a journey to data actualisation.

Kshira Saagar

Group director of data science, Global Fashion Group

Business quiet? Now is the time to review your owned assets

For businesses and advertiser categories currently experiencing a slowdown in consumer activity, now is the optimal time to get started on projects that have been of high importance, but low urgency.

Olia Krivtchoun

CX discipline leader, Spark Foundry

Bottoms up: Lockdown lessons for an inverted marketing world

The effects of the coronavirus slammed the brakes on retail sales in pubs, clubs and restaurants. Fever-Tree’s Australia GM Andy Gaunt explains what they have learnt from some tricky months of trading

Andy Gaunt

General manager, Fever-Tree Australia and New Zealand

Sign in