Google to pay world's largest data protection fine

Legalbrief Forensic

The French data protection watchdog CNIL has fined Google a record €50m for failing to provide users with transparent and understandable information on its data use policies. According to a report in The Guardian, for the first time, the company was fined using new terms laid out in the pan-European general data protection regulation. The maximum fine for large companies under the new law is 4% of annual turnover, meaning the theoretical maximum fine for Google is almost €4bn. The fine was levied, CNIL said, because Google made it too difficult for users to find essential information, ‘such as the data-processing purposes, the data storage periods or the categories of personal data used for the ads personalisation’, by splitting them across multiple documents, help pages and settings screens. That lack of clarity meant that users were effectively unable to exercise their right to opt out of data-processing for personalisation of ads. Additionally, the watchdog found that even when user consent was collected, it did not meet the standards under GDPR that such consent be ‘specific’ and ‘unambiguous’, since users were not asked specifically to opt in to ad targeting, but were asked simply to agree to Google’s terms and privacy policy en masse.

Full report in The Guardian