France issues Google with the heaviest GDPR fine to date

The claims were brought against it just days after GDPR took effect

Google has been hit with a landmark 50 million GDPR fine, issued by the French privacy Watchdog CNIL - the largest in the GDPR's history.

The fine was issued following complaints made by two organisations, noyb (None of Your Business) and LQDN (La Quadrature du Net), back in May 2018 relating to Google's 'forced consent' to continue processing users' data.

Advertisement - Article continues below

Specifically, the complaint related to Android users who, when setting up a new Android phone, were forced to follow Android's onboarding process which included forced consent for the processing of their data. Both groups said Google had no legal basis to process the personal data of its users "particularly for ads personalisation purposes".

GDPR requires the data controller to provide its users with the option to opt-in to have their data processed whereas, before the regulation's implementation, users were required to opt-out.

"This is the first time that the CNIL has applied the new maximum penalties provided by the GDPR. The amount withheld, and the advertising of the fine, at first justified by the seriousness of the deficiencies that affect the essential principles of GDPR: transparency, information and consent," CNIL said in a statement.

The maximum fines for GDPR are 20 million or 4% of the company's annual turnover, whichever is greater. In this case, Google could have theoretically faced a maximum fine of almost 4 billion.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

While 50 million is pocket change compared to the potential maximum fine that could have been issued - especially since 50 million was just 0.0005% of Google's annual turnover for 2017 - some believe it does at least show that GDPR is being taken very seriously by the powers that be. 

"The new fine facing Google will quickly dispel any lingering doubts that the EU would go easy on companies found in violation of the GDPR," said Matt Lock, director of sales engineering at Varonis.

"The news should be hitting companies like a cold shower. It's not a stretch to say that a proverbial storm is gathering as privacy groups rally to their cause and seek to uphold major global companies as examples of lax privacy controls.

"The news should serve as an impetus to organisations that have yet to prioritise their GDPR compliance programs and hoped to simply fly under the radar - their luck may be running out soon."

Advertisement - Article continues below

The landmark fine was justified by Google's lack of action following the claim. CNIL said that the violations are continuing to this day and are ongoing violations of the GDPR.

Schrems takes no prisoners

The privacy group noyb lead by Austrian lawyer and privacy advocate Max Schrems has also made the headlines for filing a further eight GDPR complaints on behalf of 10 users on Friday.

The companies in noyb's crosshairs include Amazon, Apple, Netflix, SoundCloud, Spotify and YouTube. The complaints were filed under alleged violations of Article 15 of the GDPR which relates to the users' right to access their own data.

"Many services set up automated systems to respond to access requests, but they often don't even remotely provide the data that every user has a right to," said Schrems.

"In most cases, users only got the raw data, but, for example, no information about who this data was shared with. This leads to structural violations of users' rights, as these systems are built to withhold the relevant information."

Credit: noyb

The privacy group tested the aforementioned companies to see how well they complied with the specific requirement of GDPR "but no service fully complied," it said.

  • General Data Protection Regulation (GDPR)
Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020