Google Slapped with $57 Million Fine in Landmark GDPR Case

Daniel Fowler
January 21, 2019

In addition, the agency found that Google's user consent policy for data use is invalid because it is neither specific nor unambiguous, with information diluted across several documents, which makes it hard for users to gain a clear picture of exactly what data is collected and how it is used.

"The relevant information is accessible after several steps only, implying sometimes up to 5 or 6 actions", the regulator said.

Meanwhile, Google requires people who sign up to agree to its terms and conditions in full in order to create their accounts, a form of consent that the CNIL faulted because it requires users to agree to everything - or not use the service at all.

Google did not immediately respond to Ars' request for comment, but it told The Washington Post in a statement that it is "deeply committed to meeting those expectations and the consent requirements of the GDPR".

'We're studying the decision to determine our next steps'.

Despite Google's changes, the CNIL said in a statement that "the infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and nearly unlimited possible combinations". "It is important that the authorities make it clear that simply claiming to be compliant is not enough", he said.

Interested in Google? Add Google as an interest to stay up to date on the latest Google news, video, and analysis from ABC News.

IPhone Sales Slump Finally Sparks Apple to Get Innovative
The Tozo Ultra-Thin iPhone Case is available for all of Apple's latest iPhone models, and it's still just 0.35mm thick. The information regarding the compatibility of the smart battery case for the iPhone X does not come from Apple.

It noted for example that specifics on how long a person's data is kept and what it is used for are spread across several different web pages. It allows users to better control their personal data and gives regulators the power to impose fines of up to 4 percent of global revenue for violations.

While the number looks over-the-top, CNIL says that the fine was decided "by the severity of the infringements observed, " as well as Google's position in the French market.

It said the record 50-million-euro fine reflected the seriousness of the failings as well as Google's dominant market position in France via Android.

"As a result the company has a special responsibility when it comes to respecting their obligations in this domain", it said.

France's maximum data protection fine used to be a mere €150,000, though it upped that to €3 million in the two years before the GDPR law took effect.

Earlier this month the advocate general for the European Court of Justice in Luxembourg sided with Google in the case, though a final ruling has not yet been announced.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER