News

SUBSCRIBE to our weekly e-mail (with live links) for just €5 per month
+++++++++++++++

ELEC Paper: Why EU Capital Markets Union has become a “must have” and how to get there -Feb 2024

My collected papers - 1989/1993: Market Discipline in EMU

Public Information

Expand

Graham Bishop Consultancy

Friends of GrahamBishop.com

Brussels 4 Breakfast

CPD / Education and Learning

Graham Bishop - Biography

Graham's Blogs

Graham's Media Activities

Graham's Speeches

Graham's Writing

Press Resources

My `pro bono' work

Technical Difficulties

Privacy Policy

Terms and Conditions

Tweets by @GrahamBishopcom

Follow @GrahamBishopcom

Article List:

Insurance Europe: In...
EU stimulates digita...
Accountancy Europe: ...
Insurance Europe: In...
Insurance Europe: EU...
Commercial Risk Euro...
European Commission ...
>>Commercial Risk Euro...
Preventing misuse of...
Insurance Europe: La...
Free flow of data: E...
EU to strengthen sha...
Commercial Risk Euro...
Commercial Risk Euro...
Insurance Europe: Ov...

Home>Protecting Customers>General Data Protection

Print Page Save to My Library <Next Article Previous Article>

22 January 2019

Commercial Risk Europe: French regulator fines Google record €50m for GDPR breaches

Google has been fined €50m under Europe’s new data protection rules by the French data protection regulator CNIL, making it the largest penalty by some margin since the General Data Protection Regulation (GDPR) was introduced in May 2018.

Google has been fined for failing to obtain user consent in full before personalising adverts.

CNIL said Google users were not sufficiently informed that their personal data was collected by Google to deliver more targeted advertising. It said Google practised a “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation” and did not have a valid legal basis to process user data.

“The information on processing operations for the ads personalisation is diluted in several documents and does not enable the user to be aware of their extent,” CNIL said. It added that the box to consent to personalised ads was pre-ticked, information on how data is processed and stored is spread across several documents, and information about retention periods is not provided for some data. Moreover, users give blanket tickbox consent to processing personal information before they can create an account.

The Google fine is the largest under the GDPR and the first time the French regulator has issued a GDPR penalty since the new rules, which raise the bar for fines levied on corporates that hold and misuse personal data.

The French regulator took on the investigation following complaints from two privacy rights groups the day the new legislation took effect on 25 May 2018. CNIL was designated the lead authority between European data regulators, in particular Ireland where Google has its European headquarters.

Google’s fine exceeds the €20m sanction limits under the GDPR and instead has been based on the alternative 4% of annual turnover option, as set out under the GDPR. Google said it was studying the decision to determine its next steps, adding it is committed to the GDPR’s consent requirements.

Full article on Commercial Risk (subscription required)

© Commercial Risk Europe

< Next Previous >

Key
Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information

Comments:

No Comments for this Article

Add new comment

Show name and company details

Follow Us

News

Public Information

Article List:

22 January 2019

Commercial Risk Europe: French regulator fines Google record €50m for GDPR breaches

© Commercial Risk Europe

Key

Comments: