Google has just been fined around $56.8 million USD for failing to comply with GDPR rules. The General Data Protection Regulation is a rule passed by the European Union in 2016 that put in place laws for how companies manage and share personal data.
France’s Regulatory Authority CNIL fined the search engine giant for a lack of transparency, providing insufficient information, and lack of consent with regard to the ads it shows.
CNIL had received complaints from None Of Your Business (“NOYB”) and La Quadrature du Net (“LQDN”) on May 25th and 28th of last year, with 10,000 people calling for LQDN to refer the matter to CNIL.
The complaints were that Google had no legal right to access users’ private information for purpose of showing ads on its services. CNIL immediately started investigating the claims to check into the legality and authenticity of the complaints.
Technically speaking, the GDPR applies only to European nations, but due to the Internet’s global nature, practically every online service is subjected to abide by these rules.
The GDPR has ensured that every country has a central agency, the Data Protection Authority (DPA), to serve as the lead authority in the country where its main establishment is located. Since Google’s European Headquarters are situated in Ireland, the Irish DPA looked into the case but said it did not have decision-making power, so CNIL took matters into its own hands. Now other DPAs could take action as well.
CNIL wanted to ensure that Google’s processes were implemented in accordance with the French Data Protection Act and the GDPR. They found that Google failed to provide enough information to users about its data consent policies and didn’t provide them enough control over how their data was being used. According to the organization, the search engine has yet to resolve these discrepancies, so it was fined.
This is the heaviest GDPR fine handed out by a European authority and it is the first one given to one of Silicon Valley’s giants since the rules were implemented back in May of last year.
50 Million Euros might seem a lot, but for a company like Google, it’s a drop in the bucket. The search engine giant made $33.74 billion in the last quarter of 2018 alone. And this isn’t even the heaviest fine that the GDPR can hand out.
The GDPR allows for fines of up to 4% of a company’s annual global turnover. Google could have been fined billions of dollars.
Nevertheless, this slap on the wrist isn’t something that Google can take for granted. This is Europe’s way of sending a clear signal to US tech giants that their privacy rules are much more strict. What is seen as passable in the US will no longer stand in Europe.