Apple, Amazon, Netflix, Spotify, and YouTube also face scrutiny.

The French data regulator, CNIL, has sanctioned Google with a £44m fine for breaches of the European Union’s General Data Protection Regulation (GDPR).

Google’s fine, the largest issued since GDPR was made effective on 25 May 2018, follows complaints issued by data privacy rights groups noyb and La Quadrature du Net (LQDN) regarding Google’s legal basis for processing user data for personalised ads.

Reasons for non-compliance

CNIL cited two major reasons for non-compliance:

  • Failure to obtain a valid legal basis to process new European Android users’ data without the data subjects’ consent; and
  • A lack of transparency over data processing permissions relating to personalised ads, with essential information scattered amongst multiple documents.

Google was found to have contravened these requirements by checking the consent box by default, and for failing to clarify that the consent agreed to when a user creates a new account on their smartphone also relates to Google’s other services, including YouTube.

Ahead of GDPR, Google declared changes through its AdWords blog:

“To comply, we will be updating our EU consent policy when the GDPR takes effect and the revised policy will require that publishers take extra steps in obtaining consent from their users.”

 
However, this move was criticised for perceivably outsourcing compliance to publishers, and CNIL found Google’s measures insufficient in meeting their responsibility to protect European data subjects.

GDPR mandates that data consent must be clearly communicated to the data subject, with the responsibility falling primarily on the data controller.

Click here to find out more about protecting your clients’ data.

What happens next?

Google has since responded to the sanctions, stating that it is “studying the decision to determine our next steps”.

Whilst minimal in comparison to Google’s 2018 £93.6bn turnover, CNIL’s judgement is a defining moment for global compliance, demonstrating that by pursuing a leading Silicon Valley organisation, the EU will enforce GDPR stringently.

And with decisions forthcoming regarding YouTube, Gmail, and Google Search’s personal data processing policies, scrutiny remains over Google’s compliance practices.

 

To ensure your business data and policies are easily accessible for both your staff and clients, speak to us about a Cloud-based ERP solution.

Disaster Recovery Brochure
close slider

Download Our Business Continuity and Disaster Recovery Brochure

Fill in the fields below and our brochure will be emailed to you.


 

Download Our Brochure

Fill in the fields below and our brochure will be emailed to you.


 

Download Our Microsoft Dynamics 365 Business Central Brochure

Fill in the fields below and our brochure will be emailed to you.


 

Download Our MSP Brochure

Fill in the fields below and our MSP brochure will be emailed to you.


 

Download our NeuVue360 Brochure

Download Our NeuVue360 Brochure

Fill in the fields below and our brochure will be emailed to you.