Google Fined for GDPR Data Breach in France

France's data regulator CNIL has fined Google EUR 50m (£44m / $57m) for breaching European Union online data privacy rules.

Complaints were filed eight months ago by two privacy rights groups: None of Your Business (NOYB) and La Quadrature du Net (LQDN), on the day the EU's General Data Protection Regulation (GDPR) came into effect. The two groups said Google had no legal basis to process user data for ad personalisation, as laid out under GDPR guidelines.

The French regulator said that users had not been sufficiently informed about how Google collected their data to personalise advertising, and that Google had not obtained clear consent to process the data. It therefore imposed the fine for 'lack of transparency, inadequate information and lack of valid consent regarding ad personalisation'. Maximum GDPR fines can reach up to 4% of a firm's annual global turnover for serious offences.

Google, which has now been accused of GDPR privacy violations in seven European countries, said in a statement it is examining CNIL's decision to determine its next steps.

All articles 2006-23 written and edited by Mel Crowther and/or Nick Thomas, 2024- by Nick Thomas, unless otherwise stated.