Google Has Been Fined for Breaching GDPR I Different Gravy Digital

What Have Google Done?

Google has been fined £44 million for breaching the EU’s GDPR.

The US company has been fined by the French data protection watchdog CNIL for “lack of transparency, inadequate information and lack of valid consent” in relation to their ad personalisation for users.

It’s one of the larger regulatory enforcement actions since GDPR came into effect last May.

Even though Google is a US company, they must comply with the EU law because they have millions of users in Europe.

If you’re unfamiliar with GDPR, here’s what you need to know:

CNIL observed two different types of breaches of GDPR:

1. A Violation Of The Obligations Of Transparency And Information:

“Essential information, such as the data processing purposes, the data storage periods or the categories of personal data used for the ads personalization, are excessively disseminated across several documents, with buttons and links on which it is required to click to access complementary information. The relevant information is accessible after several steps only, implying sometimes up to 5 or 6 actions.”

2. A Violation Of The Obligation To Have A Legal Basis For Ads Personalization Processing:

CNIL believe that the consent is not validly obtained for two reasons.

“The information on processing operations for the ads personalization is diluted in several documents and does not enable the user to be aware of their extent. “

“Before creating an account, the user is asked to tick the boxes « I agree to Google’s Terms of Service» and « I agree to the processing of my information as described above and further explained in the Privacy Policy» in order to create the account. Therefore, the user gives his or her consent in full, for all the processing operations purposes carried out by GOOGLE based on this consent (ads personalization, speech recognition, etc.). However, the GDPR provides that the consent is “specific” only if it is given distinctly for each purpose.”

You can read the full CNIL statement here.

In a statement, Google commented, “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.”

By Michael Goldman | January 31, 2019 | In News Blogs | Leave a comment |

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.