CNIL fines Google. 50 million euros. Lack of transparency, insufficient information and lack of valid consent over ad targeting
On Monday, the French CNIL announced a fine of EUR 50 million for the US web search pioneer Google, using the EU’s strict General Data Protection Regulation(GDPR) for the first time.
The fine is based on two complaints by noyb.eu(None of Your Business) and the French NGO “La Quadrature du Net”.
The CNIL said that Google made it too difficult for users to understand and manage preferences regarding the use of their personal information, especially with regard to targeted advertisements.
Max Schrems, Chairman of noyb: “We are very pleased that for the first time a European data protection authority is using the possibilities of GDPR to punish clear violations of the law. Following the introduction of GDPR, we have found that large corporations such as Google simply ‘interpret the law differently’ and have often only superficially adapted their products. It is important that the authorities make it clear that simply claiming to be complaint is not enough. We are also pleased that our work to protect fundamental rights is bearing fruit. I would also like to thank our supporters who make our work possible.”
“People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR,” a Google spokesperson said in a statement.