France fines Google $57 million over data transparency

France fines Google nearly $57 million for first major violation of new European privacy regime

France fines Google nearly $57 million for first major violation of new European privacy regime

"The relevant information is accessible after several steps only, implying sometimes up to 5 or 6 actions", the regulator said.

'People expect high standards of transparency and control from us.

Although Google responded to the decision by saying that they committed to meeting the "high standards of transparency and control" expected of them by users - as well as by the strict new European Union data law - they are nonetheless challenging the decision.

"We're studying the decision to determine our next steps", it said.

One was filed on behalf of some 10,000 signatories by France's Quadrature du Net group, while the other was by None Of Your Business, created by the Austrian privacy activist Max Schrems.

Neither is the consent specific, the CNIL said, because Google requires full agreement to the Terms of Service and data processing in the Privacy Policy, rather than unbundling the different purposes, such as ads personalisation or speech recognition.

Google's CEO Sundar Pichai is visiting Poland today to meet with Poland's Prime Minister Mateusz Morawiecki at a meeting to develop an innovative economy in central Europe.

"It is important that the authorities make it clear that simply claiming to be compliant is not enough".




In September previous year, the French regulator studied the information that's made available to users when they create a Google account on a new Android phone.

Google parent Alphabet recorded $110.8 billion in revenues for 2017, meaning CNIL could have theoretically hit the company with a fine of nearly €4 billion.

Once the General Data Protection Regulation, known as GDPR for short, went into effect in Europe past year, it was regarded as only a matter of time before regulators there would use the stricter privacy framework to push back on tech giants in a way that's not happening in the US.

According to CNIL, Google's violations center around the ambiguity of information presented to users about their data collection and usage, as well as failure to include information about the data retention period for some information.

Users' "consent" is now set as the global default setting, which fails to meet the regulator's requirement that companies obtain "specific" consent. Google also pre-ticks the boxes through which people agree to ad-personalisation.

The CNIL said the fine, the biggest handed out for a data protection violation and the French agency's first penalty under GDPR, are "justified by the severity of the infringements".

Earlier this month the advocate general for the European Court of Justice in Luxembourg sided with Google in the case, though a final ruling has not yet been announced.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.