French regulatory body fines Google €50 million for GDPR violations

France fines Google nearly $57 million for first major violation of new European privacy regime

Google hit with $57 MILLION fine by France’s data watchdog for murky use of personal information

'Also, the information provided is not sufficiently clear for the user to understand the legal basis for targeted advertising is consent, and not Google's legitimate business interests, ' the CNIL said.

France's data privacy watchdog CNIL announced in a statement Monday that it was imposing a record sanction of 50 million euros on the US tech giant due to "lack of transparency, unsatisfactory information and lack of valid consent for the personalization of advertisement". Implemented in 2018, the sweeping new privacy rules have set a global standard that has forced Google and its tech peers in Silicon Valley to rethink their data-collection practices or risk sky-high fines.

In a statement, Google said: "People expect high standards of transparency and control from us".

Acting on a complaint from NOYB and French group La Quadrature du Net, the agency said it had investigated the process for setting up a Google account from an Android device.

The French regulator said the world's biggest search engine lacked transparency and clarity in the way it informs users about its handling of personal data and failed to properly obtain their consent for personalized ads.

The regulation was brought into force on May 25, 2018 and CNIL (National Data Protection Commission) immediately received complaints in regard to Google's services.

Users' "consent" is now set as the global default setting, which fails to meet the regulator's requirement that companies obtain "specific" consent.

"The relevant information is accessible after several steps only, implying sometimes up to 5 or 6 actions", the regulator said.

The company's infringements "deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life", the commission said. At present, there is no reliable information available on how long the company saves user data, nor if they allow it to be used by other sites.

In a statement, Google said it was "studying the decision" to determine its next steps. However, the GDPR provides that the consent is "specific" only if it is given distinctly for each objective.

Modifying a user's data preferences also requires clicking through a variety of pages such as "More Options", and often the choices to accept Google's terms are pre-checked by default. Companies that violate the legislation may be fined up to 20 million euros or 4 percent of their annual turnover.

It added that Google's violations were aggravated by the fact that "the economic model of the company is partly based on ads personalisation", and that it was therefore "its utmost responsibility to comply" with GDPR.

English Premier League Report: Huddersfied Town v Manchester City 20
Prince Philip is uninjured after car accident near Sandringham