Google fined £44m under EU data privacy law
France’s data privacy watchdog has fined Google 50 million euros (£44 million), the first penalty for a US tech giant under new European data privacy rules that took effect last year.
The National Data Protection Commission said it fined the US internet giant for “lack of transparency, inadequate information and lack of valid consent” regarding ad personalisation for users.
It is one of the biggest regulatory enforcement actions since the European Union’s General Data Protection Regulation (GDPR) came into force in May.
The rules are aimed at clarifying individual rights to personal data collected by companies, which are required to use plain language to explain what they are doing with it.
Even though many tech multinationals such as Google have their headquarters in the US, they still have to comply with the new rules because they have millions of users in Europe.
The commission said Google users were “not sufficiently informed” about what they were agreeing to as the company collected data for targeted advertisements.
Users have to take too many steps, “sometimes up to five or six actions”, to find out how and why their data is being used, the commission said.
Google’s description of why it is processing their data is “described in a too generic and vague manner”, it added.
The company’s infringements “deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life”, the commission said.
The commission acted on complaints by two data protection advocacy groups, NOYB.EU and La Quadrature du Net, filed immediately after GDPR took effect.
Google said in a statement it is “deeply committed” to transparency and user control as well as GDPR consent requirements.
“We’re studying the decision to determine our next steps,” it said.