French Data Regulator Imposes €50m Fine On Google


A €50 million (£44.1 million) fine has been imposed by the French data regulator on Google. The agency accuses the tech giant of breaching the rules of the European Union on consumer data protection.

This afternoon, the restricted committee of the CNI laid down the judgement. It said that Google was responsible for a “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation” under the guidelines set by the General Data Protection Regulation (GDPR).

As the first ever fine imposed by France under the new legislation, CNIL said that the penalty was “justified by the severity of the infringements observed regarding the essential principles of GDPR.”

Even though the fine is considered as the largest under GDPR to date, it is relatively small as compared to the maximum penalty limit of the legislation of up to four percent of the annual global turnover of a firm. In the case of Google, the fine could have been more than $4.3 billion (£3.3 billion) based on the revenues amounting to $109.7 billion in its last full financial year.

A spokesperson from Google said that the firm was “studying the decision” to prepare for its next steps.

The regulator said that Google had not been able to provide its users with enough information regarding its data consent policies and sufficient control over how their data is used. It also said that Google did not have a valid legal basis on which to collect information for personalising its ads.

The regulator stated: “Despite the measures implemented by Google… the infringements observed deprive users of essential guarantees regarding processing operations that can reveal important parts of their private life.”

It added: “Moreover, the violations are continuous breaches of [GDPR] as they are still observed to date. It is not a one-off, time-limited infringement.”

The ruling resulted from two complaints that were filed on the 25th of May last year, the day that the GDPR first took effect, by data privacy groups La Quadrature Du Net (LQDN) and None Of Your Business (Noyb).

Last Friday, Noyb also filed some complaints against Amazon, Apple, Netflix, Spotify, and Google. It claimed that the tech giants had violated users’ right to access a copy of all the raw information that a company holds about them.