Google fined €50 million in France for GDPR breach

Gigacycle > Information & Guidance  > Google fined €50 million in France for GDPR breach

Google fined €50 million in France for GDPR breach


France’s Data Protection Authority, the CNIL, has today announced a 50 million euro fine on Google LLC for lack of transparency, inadequate information and lack of valid consent regarding the  personalisation of advertisements.

The case was initiated by two associations, None Of Your Business (“NOYB”) and La Quadrature du Net (“LQDN”). LQDN was supported by 10 000 people to refer the matter to the CNIL. The CNIL says that the GDPR “one-stop-shop mechanism” was not applicable as the DPAs consider that Google did not have one main establishment in the European Union.

The CNIL is of the view that the consents collected were neither “specific” nor “unambiguous”. When an account is created, the user can admittedly modify some options associated with the account by clicking on the button “More options” accessible above the button “Create Account”. It is  possible to configure the display of personalised ads, the CNIL says.

The CNIL continues: “That does not mean that the GDPR is respected. Indeed, the user not only has to click on the button ‘More options’ to access the configuration, but the display of the ads personalisation is moreover pre-ticked. However, as provided by the GDPR, consent is ‘unambiguous’ only with a clear affirmative action from the user (by ticking a non-pre-ticked box for instance). Finally, before creating an account, the user is asked to tick the boxes “I agree to Google’s Terms of Service” and “I agree to the processing of my information as described above and further explained in the Privacy Policy” in order to create the account. Therefore, the user gives his or her consent in full, for all the processing operations purposes carried out by GOOGLE based on this consent (ads personalisation, speech recognition, etc.). However, the GDPR provides that the consent is “specific” only if it is given distinctly for each purpose.”

This fine is the first imposed by the CNIL under the GDPR and it warns that as the infringement is continuing, and it involves the Android mobile operating system, further sanctions are on the agenda: “It is not a one-off, time-limited, infringement.”

See: La formation restreinte de la CNIL prononce une sanction de 50 millions d’euros à l’encontre de la société GOOGLE LLC

Go to Source

No Comments

Sorry, the comment form is closed at this time.