Tech giant Google has been hit with a £44.1m fine by the French data regulator for breaching strict European Union rules on data protection.
The judgement was served today by French regulator CNIL. The committee said it found Google had a “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation” under the General Data Protection Regulation (GDPR).
As France’s first-ever fine under GDPR, CNIL said the penalty was “justified by the severity of the infringements observed regarding the essential principles of the GDPR” as Google did not respect the rules.
The regulator said Google had not obtained clear permission to process the data as “essential information” was disseminated “across several documents.” The relevant information is accessible after several steps only, implying sometimes up to five or six actions.
“Users are not able to fully understand the extent of the processing operations carried out by Google.”
CNIL added that Google failed to process users’ data using the correct legal process. “The information on processing operations for the ads personalisation is diluted in several documents and does not enable the user to be aware of their extent.
“The user gives his or her consent in full, for all the processing operations purposes carried out by Google based on this consent (ads personalisation, speech recognition, etc).
“However, the GDPR provides that the consent is ‘specific’ only if it is given distinctly for each purpose.”
Google said in a statement, “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR.”