January 22, 2019

Google hit with USD 56.89 million GDPR fine by CNIL

The French regulator claims that Google failed to provide users with adequate information, transparency and valid consent regarding ad personalization.

Cloud giant Google have been fined USD 56.89 million by French regulator CNIL (Commission Nationale de l’informatique et des Libertés), The National Commission of Computing and Freedom. According to CNIL, Google has been fined since the latter could not provide users with transparency or information while collecting data to provide personalised ads.

According to CNIL, complaints were filed against the cloud giant in May 2018, by some privacy groups stating that Google did not have a valid legal basis to process user data. They say that as mandated by EU’s GDPR, enterprises need to have clear consent when it comes to data processing and Google clearly failed on this account.

The French regulator claims that users are not able to fully understand the extent of processing operations that are carried out by Google. They also say that the data on processing operations for ad personalization is not complete in several accounts and does not provide the user with total information.

CNIL further stated that Google gave a pre-ticked option to personalize ads while creating an account, which did not comply with the GDPR rules. They also claim that most users give their consent in full for all the processing information based on speech recognition or social media information.

This, CNIL believes, needs to undergo stringent changes to toe the line with GDPR rules. Google, on the other hand, said that they are studying this decision so that they can come up with a strong plan of action.


It will be interesting to see how Google reacts to this, following their partnership with KPMG for GDPR compliance.