GDPR: 50 € million fine on Google

The first big one for violations of the General Data Protection Regulation (GDPR) finally reached 50 million euros. The fine was imposed on Google by the French data protection authority CNIL.

The CNIL said the fine was imposed for breaches of GDPR regulations relating to transparency and of company user data for advertising purposes.GDPR

This is the biggest fine that has been imposed so far under the new EU-wide Privacy Act applicable for eight months. The previous one was a fine of 400.000 € imposed on a Portuguese hospital.

The fine came after activists' privacy complaints at the end of May last year. Max Schrems and the non-profit organization None of Your Business (NOYB) were among the first to denounce Google and Facebook after the GDPR came into force on May 25. The French digital rights group La Quadrature du Net also filed a complaint with Google a few days later.

Both of Google's complaints were essentially about the "coercive consent" that the company uses to obtain the data. According to the complaints, Google did not have the legal basis for processing the data, as it was leading users to consent to processing it without understanding it.

"We are very pleased that for the first time a European data protection authority is using them of the GDPR to punish clear violations of the law," Schrems said in a statement.

"After the introduction of the GDPR, we found that big companies like Google interpreted the law differently and often superficially adapted it to their products. It is important that authorities make it clear that simply claiming compliance is not enough.”

Regulators have ruled that Google is "too generic and unclear" when it tells users how to use their data, and that there is no information on how long the data is stored.

So Google does not have the valid consent of its users to process their data. Their consent is neither "specific" nor "clear" as required by the GDPR, says CNIL.

France's maximum fine for data protection was just 150.000 euros, although it rose to 3 million euros two years before the GDPR came into force. Now that the new law is in force at EU level, the ceiling has reached 20 million or 4% of the company's total annual revenue that violates the law.

The recorded revenues of $110,8 billion in 2017, which means the CNIL could theoretically ask the company for a fine of €4 billion.

The CNIL said it is demanding a fine of 50 million due to the seriousness of the violation, and that if Google does not change ways, the fines will increase.
___________________

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).