Connect with us

Google

Google just got slapped with a $57 million fine over privacy

This is the largest fine since the GDPR came into place.

google comments on search results
Image: Unsplash

Well, this escalated quickly. A French regulatory body has fined Google 50 million euros (roughly $57 million) for failing to disclose to users how their data was being collected and used for targeted advertising.

While multiple companies have already received GDPR fines since the regulation came into force last year, this is several magnitudes bigger than the largest fine prior to now.

France’s National Data Protection Commission, CNIL, cites Google’s “lack of transparency, inadequate information and lack of valid consent regarding the ads personalization” as the reasoning behind the record fine, adding that it is “of its utmost responsibility” for compliance due to the reliance of advertising personalization to Google’s economic models.

The investigations that resulted in this fine came from two complaints by the association None Of Your Business (NOYB) and another, Quadrature du Net (LQDN). The complaint from LQDN had over 12,000 signatories to it, showing a growing tide of privacy-aware Europeans.

Piercing the veil

The regulators found that Google failed in its GDPR obligations to make information about its data collection easily accessible to users. Information about things like data-processing purposes and data-storage periods was scattered amongst multiple places, making users go through convoluted pathways to obtain the necessary details.

Adding to this mess of obfuscated data was unclear messaging as to how the user’s data was used for ad personalization. While there are existing documents describing part of the processes, they didn’t go far enough to encompass the entire ecosystem of Google services that are used for collecting data to personalize those ads.

Google also failed to rectify its signup process on Android, which has the legislated “opt-in” checkbox for targeted advertising already filled-in, a clear violation of the GDPR policies.

Going forward

It’s likely that this won’t be the last GDPR-based fine for Google. The regulators are clear to mention that the breaches of the GDPR regulations are ongoing, and that this is not a one-time fine. Google will have to step into line or face more fines, possibly even up to the 4% maximum of global revenue, which for Google would work out to about 4 billion Euros.

What do you think? Is Google in the wrong? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Maker, meme-r and unabashed geek. Hardware guy here at KnowTechie, if it runs on electricity (or even if it doesn't) I probably have one around here somewhere. My hobbies include photography, animation and hoarding Reddit gold.

Comments

More in Google