Search engine giant Google has been issued with a landmark fine of 50 million euros (£44m), for a breach of the new General Data Protection Regulation (GDPR).
The fine, which is the largest in GDPR history, was issued by French data watchdog CNIL for “lack of transparency, unsatisfactory information and a lack of valid consent regarding the personalisation of advertising”. Following its investigation, the watchdog judged that users were “not sufficiently informed” about how data is collected, and that Google’s blanket consent for all services did not meet GDPR guidelines.
The verdict follows complaints by two privacy rights groups: noyb (None Of Your Business) and La Quadrature du Net (LQDN) which both claim Google did not have a valid legal basis to process user data. In a statement, Google said it was “studying the decision” to determine its next steps.
Speaking on the ruling, Jade Greenhow, Operations Director at Insight Data comments: “Whilst this is certainly not the first violation of the new GDPR, it is by far the biggest and most high-profile. It’s a real statement of intent from the EU to show that no company is above the law and that the three key pillars of GDPR: transparency, information and consent, will be upheld.
“Without question, this verdict should serve as a massive wake-up call to businesses at every level to prioritise GDPR compliance. Flying under the radar is simply not an option as investigations continue and privacy rights groups across the continent and the UK look to alert regulators to potential breaches and GDPR violations.
“Whilst GDPR can be seen as a ‘necessary evil’ to finally ensure personal data is lawfully managed, processed and safeguarded, it has made it incredibly difficult for businesses to successfully manage their own data. It can be easier, safer and far more cost-effective to work with a reputable data supplier. They can ensure consent has been achieved, information is always correct and ultimately offer complete transparency.”
Whilst this is the biggest fine yet to be issued by a European regulator, it could have been far worse. With GDPR allowing a maximum fine of 4% of annual global turnover, Google’s fine could have easily been in the billions of euros.
Prior to Google’s violation, entertainment giants Apple, Netflix, Amazon and Spotify all faced accusations of non-compliance. Last year, the first GDPR fines were issued following investigations by European regulators. These included a Portuguese hospital, a German social media company and a small business in Austria.