France fines Google €50m for GDPR violations
Its the biggest fine yet to be issued by a European regulator under the new EU privacy lawEuropost
France’s data protection regulator, CNIL, has issued Google a €50m fine for its inability to comply with its GDPR obligations, The Verge reports. This is the biggest GDPR fine yet to be issued by a European regulator and the first time one of the tech giants has been found to fall foul of the tough new EU regulations that came into force in May last year.
According to CNIL the fine was issued because Google failed to provide enough information to users about its data consent policies and didn’t give them enough control over how their information is used. According to the regulator, these violations are yet to have been rectified by the search giant. Under GDPR, companies are required to gain the user’s “genuine consent” before collecting their information, which means making consent an explicitly opt-in process that’s easy for people to withdraw.
Although the €50m fine seems large, it’s small compared to the maximum limits allowed by GDPR, which allows a company to be fined a maximum of four percent of its annual global turnover for more serious offenses. For Google, which made $33.74bn in the last quarter alone, that could result in a fine in the billions of dollars.
This is not the first GDPR fine to have been issued, but it’s by far the biggest. In December, a Portuguese hospital was fined €400,000 after its staff used bogus accounts to access patient records, while a German social media and chat service was fined €20,000 in November for storing social media passwords in plain text. A local business in Austria was also fined €4,800 in October last year for having a security camera that was filming public space.
Responding to the fine, a Google spokesperson said that the company is “deeply committed” to meeting the “high standards of transparency and control” that people expect of it. They said that the company was studying CNIL’s decision in order to determine its next steps.
Separately, Google has also been accused of GDPR privacy violations by consumer groups across seven European countries over what they claim are “deceptive practices” around its location tracking.