Google just got slapped with a $57 million fine over privacy
This is the largest fine since the GDPR came into place.
Well, this escalated quickly. A French regulatory body has fined Google 50 million euros (roughly $57 million) for failing to disclose to users how their data was being collected and used for targeted advertising.
While multiple companies have already received GDPR fines since the regulation came into force last year, this is several magnitudes bigger than the largest fine prior to now.
France’s National Data Protection Commission, CNIL, cites Google’s “lack of transparency, inadequate information and lack of valid consent regarding the ads personalization” as the reasoning behind the record fine, adding that it is “of its utmost responsibility” for compliance due to the reliance of advertising personalization to Google’s economic models.
The investigations that resulted in this fine came from two complaints by the association None Of Your Business (NOYB) and another, Quadrature du Net (LQDN). The complaint from LQDN had over 12,000 signatories to it, showing a growing tide of privacy-aware Europeans.
Piercing the veil
The regulators found that Google failed in its GDPR obligations to make information about its data collection easily accessible to users. Information about things like data-processing purposes and data-storage periods was scattered amongst multiple places, making users go through convoluted pathways to obtain the necessary details.
Adding to this mess of obfuscated data was unclear messaging as to how the user’s data was used for ad personalization. While there are existing documents describing part of the processes, they didn’t go far enough to encompass the entire ecosystem of Google services that are used for collecting data to personalize those ads.
Google also failed to rectify its signup process on Android, which has the legislated “opt-in” checkbox for targeted advertising already filled-in, a clear violation of the GDPR policies.
It’s likely that this won’t be the last GDPR-based fine for Google. The regulators are clear to mention that the breaches of the GDPR regulations are ongoing, and that this is not a one-time fine. Google will have to step into line or face more fines, possibly even up to the 4% maximum of global revenue, which for Google would work out to about 4 billion Euros.
What do you think? Is Google in the wrong? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.
- Influencers are turning to their own hackers to combat account theft on Instagram
- Here are the best Android games of 2018, as voted for by Reddit
- Take Oregon Trail on the trail with this $10 portable
- Spotify will soon let you block artists you don’t want to hear