France’s data protection watchdog fined Alphabet’s Google 50 million euros ($57 million) on Monday for breaching European Union online privacy rules, the biggest such penalty levied against a US tech giant.
The French regulator said the world’s biggest search engine lacked transparency and clarity in the way it informs users about its handling of personal data and failed to properly obtain their consent for personalized ads.
The EU’s General Data Protection Regulation (GDPR), the biggest shake-up of data privacy laws in more than two decades, came into force in May. It allows users to better control their personal data and gives regulators the power to impose fines of up to 4 per cent of global revenue for violations.
“The amount decided, and the publicity of the fine, are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent,” the CNIL said in a statement.
Google issued a statement saying that people “expect high standards of transparency and control from us”.
“We’re deeply committed to meeting those expectations and the consent requirements of the GDPR,” it said, adding that it was examining its next steps.
The CNIL decision follows complaints by two non-governmental organizations, None Of Your Business (noyb) and La Quadrature du Net (LQDN), which the regulator said had been mandated by 10,000 people to present the case.
The French authority, known for its stringent interpretation of privacy rules and for favoring a tough approach toward US Internet companies, sets a record with this penalty, which could reverberate in Silicon Valley.
“More than just a significant amount of money, this sanction is particularly detrimental to Google as it directly challenges its business model and will, in all likelihood, require them to deeply modify their provision of services,” Sonia Cissé, Managing Associate at Linklaters, said.