Google first US company to be fined under GDPR
Google has become the first US company to be fined under the General Data Protection Regulation (GDPR).
France’s data watchdog, the CNIL, issued a €50 million fine to the search engine after it violated GDPR by failing to tell its users how it collected data and by also declining to provide them with an optiton to consent to personalised adverts.
GDPR, which came into effect last May, imposes fines for breaches, either up to €20 million or four per cent of a firm’s turnover, whichever is greatest.
The CNIL said users were “not sufficiently informed” about what they were consenting to when signing up to have their data collected for targeted ads.
It added that the search giant’s description of why it was processing user data was “described in a too generic and vague manner”.
“We’re studying the decision to determine our next steps,” the company said in the wake of the decision.
In response to a question on whether Google’s Irish operations might face a similar fine, a spokeswoman for the office of the Irish Data Protection Commissioner (DPC) said that of the 15 ongoing investigations into multinational tech companies by the DPC, “none of these investigations are in respect of Google”, which employs 7,000 people in Ireland.
The DPC is now the lead authority for the supervision of Google’s EU consumer-focused services. However, its remit will not extend to the company’s indexing service and search engine.