Google fined £44m for GDPR breach
Google has been hit with a record €50m (£44m) fine by French data regulator CNIL for breaching the EU’s data protection rules (GDPR).
CNIL said people were “not sufficiently informed” about how Google collected data to personalise advertising, leading to a “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”.
The regulator claims that Google did not obtain clear consent to process data because “essential information” was “disseminated across several documents”, meaning it was only accessible to users after five or six steps, rather than being upfront.
CNIL also added that Google failed to obtain a valid legal basis to process user data and that the option to personalise ads was “pre-ticked” when creating an account, which was not in line with GDPR rules.
In a statement the regulator added: “The user gives his or her consent in full, for all the processing operations purposes carried out by Google based on this consent (ads personalisation, speech recognition, etc).
“However, the GDPR provides that the consent is ‘specific’ only if it is given distinctly for each purpose.”
Google said it was “studying the decision” to determine its next steps and reiterated that it was deeply committed to meeting