The first major fine for violations of the General Data Protection Regulation (GDPR) has finally reached 50 million euros. The fine was imposed on Google by the French protection authority data CNIL.
The CNIL said the fine was imposed for violations of GDPR regulations regarding the transparency and processing of company data for advertising purposes.
This is the biggest fine that has been imposed so far under the new EU-wide Privacy Act applicable for eight months. The previous one was a fine of 400.000 € imposed on a Portuguese hospital.
The fine followed complaints from privacy activists in late May last year. Max Schrems and the non-profit organization None of Your Business (NOYB) ήταν το πρώτο από τα μπλοκ που κατήγγειλε την Google και το Facebook μετά την έναρξη ισχύος του GDPR στις 25 Μαΐου. Η γαλλική team digital rights activist La Quadrature du Net also filed a complaint against Google a few days later.
And the two Google's complaints were essentially about the "forced consent" the company uses to obtain the data. According to the complaints, Google did not have the legal basis for processing the data, because it led users to consent to processing without realizing it.
"We are very pleased that for the first time a European data protection authority is using the capabilities of the GDPR to punish clear violations of the law," Schrems said in a statement.
“After the introduction of GDPR, we found that big companies like Google interpreted the law differently and often adapted it superficially to their products. It is important for the authorities to make it clear that simply claiming compliance is not enough. "
The regulators ruled that Google is "too general and vague" in telling users how it will use their data, and that there is no information on how long space data storage.
So Google does not have the valid consent of its users to process their data. Their consent is neither "specific" nor "clear" as required by the GDPR, says CNIL.
France's maximum fine for data protection was just 150.000 euros, although it rose to 3 million euros two years before the GDPR came into force. Now that the new law is in force at EU level, the ceiling has reached 20 million or 4% of the company's total annual revenue that violates the law.
Alphabet recorded $ 110,8 2017 revenue for 4, which means CNIL could theoretically ask the company for a fine of XNUMX billion.
The CNIL said it is demanding a fine of 50 million due to the seriousness of the violation, and that if Google does not change ways, the fines will increase.
___________________
- Google Docs and no Google account
- Sundar Pichai: Our mission is to protect privacy
- Debian 10 buster announced Transition freeze
- Google builds its own village with 8000 homes
- Google Public DNS: At last with DNS-over-TLS
