France’s data protection regulator, CNIL, has issued Google a €50 million fine for failing to comply with its GDPR obligations. This is the biggest GDPR fine yet to be issued by a European regulator and the first time one of the tech giants has been found to violate the new regulations that came into force in May last year.
CNIL said that the fine was issued because Google failed to provide enough information to users about its data consent policies and didn’t give them enough control over how their information is used.
According to the regulator, these violations are yet to have been rectified by the search giant. Under GDPR, companies are required to gain the user’s genuine consent”before collecting their information, which means making consent an explicitly opt-in process that’s easy for people to withdraw.
Responding to the fine, a Google spokesperson said that the company is deeply committed to meeting the high standards of transparency and control that people expect of it. They said that the company was studying CNIL’s decision in order to determine its next steps.
Google has also been accused of GDPR privacy violations by consumer groups across seven European countries over what they claim are deceptive practices around its location tracking.