Google has to pay a fine of 50 million euros in France in connection with the EU General Data Protection Regulation (GDPR). The French Data Protection Authority (CNIL) found violations of the GDPR applicable since the end of May 2018. Among other things, information on the use of the data collected and the storage period for users are not easily accessible, the agency said today.
They are distributed over several documents, users would have to click through several links and buttons. In addition, some of the information is unclear.
Insufficient information about personalized advertising?
In addition, the Google consent to the display of personalized advertising is not valid in their view, because users would not be sufficiently informed, said the CNIL. It was the first punishment of the authority after the DSGVO. According to the regulation, fines of up to four percent of the annual turnover of a company can be imposed.
Triggers for the investigation were complaints of the noyb organizations of the well-known Facebook critic Max Schrems and LQDN. Among other things, the GDPR provides that companies must inform users transparently about the use of their data.
Schrems said in an initial statement: „We are very pleased that for the first time a European data protection authority uses the possibilities of the GDPR to penalize clear legal violations. After the introduction of the GDPR, we realized that large corporations like Google simply interpreted the GDPR differently and often adapted their products superficially. It is important that the authorities clarify that that is not enough. „
