Google happens to be the first tech giant to fall foul of the strict GDPR regulations. As a result of which it was fined a whopping €50 million fine (around $56.8 million USD) by France’s data protection regulator, CNIL.
CNIL explained that Google violated two provisions of the law: first, by not making its data-collection policies easily accessible to users and second by not obtaining sufficient and specific user consent for ad personalization across each of Google’s numerous platforms, including YouTube, Maps, and other IT services. “The violations are continuous breaches of the Regulation as they are still observed to date. It is not a one-off, time-limited, infringement,” the CNIL said
“Following the introduction of GDPR, we have found that large corporations such as Google simply ‘interpret the law differently’ and have often only superficially adapted their products,” Max Schrems, founder of Nyob.eu, said in a statement. Privacy activist Schrems filed the two complaints against Google along with a French digital advocacy group, called La Quadrature du Net. The complaints were lodged in May last year, shortly after the landmark GDPR directive came into effect.
“It is important that the authorities make it clear that simply claiming to be compliant is not enough,” he added. He had also filed related complaints against Facebook, Instagram, and Whatsapp, which remain pending.
Responding to the fine, a Google spokesperson said, “People expect high standards of transparency and control from us. We're deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.” This anyhow isn’t the first time for Google. Consumer groups spread across seven European nations accused Google of following “deceptive practices” around its location tracking violating GDPR privacy laws.