Google hit with largest GDPR fine
- Noa Geva, CIPP/E, Adv.
- Jan 22, 2019
- 1 min read
Google was yesterday (January 21, 2019) fined 50 million Euros by France’s privacy regulator CNIL over the “lack of transparency, inadequate information and lack of valid consent regarding the ads personalization” and could receive further penalties if it does not amend these practices. To date, this is the largest fine issued against a company since GDPR came into effect last year.
CNIL claims Google lacked a legal basis for processing personal information when it relied upon consent as its legal basis to engage in personal advertising activities. According to CNIL, it has fined Google for the following reasons:
1) Individual users were insufficiently informed of what level of processing they were consenting to. CNIL uses as a specific example that one uniform consent was relied upon for different processing activities, specially identifying Google search, YouTube, Google home, Google maps, and Playstore, Google photo.
2) CNIL claims the consent they relied upon was insufficiently specific and was not freely revocable. CNIL specifically mentions that the option to consent to personal advertising was already PRE-CHECKED by default under an individual's personal settings.
This update is presented as a summary only and should not be regarded as advice regarding any specific situation. For specific advice please contact our office.
ttps://www.cnil.fr/fr/la-formation-restreinte-de-la-cnil-prononce-une-nction-de-50-millions-deuros-lencontre-de-la