Google Slapped with $56.8 Million Fine for GDPR Consent Violations
Google is now the recipient of the largest fine yet handed out under GDPR. The 50 million euro penalty ($56.8 million) was imposed because France’s data protection regulator (CNIL) said the company was not sufficiently transparent about the use of personal information and didn’t obtain specific consent for ad-targeting purposes.
Penalty comes after “day one” complaints. The fine is the result of an investigation after complaints were filed on June 1, 2018 against Google and Facebook by privacy advocacy group NOYB.eu. One of the complaint’s issues was alleged use of “forced consent,” which made access to services contingent upon agreement to terms.
According to a translation of the CNIL statement (pdf in french), Google violated GDPR by not making information about intended data uses easily accessible to consumers and not gaining consent for each use.