France issues Google with the heaviest GDPR fine to date

The claims were brought against it just days after GDPR took effect

Google has been hit with a landmark 50 million GDPR fine, issued by the French privacy watchdog CNIL - the largest in the GDPR's history.

The fine was issued following complaints made by two organisations, noyb (None of Your Business) and LQDN (La Quadrature du Net), back in May 2018 relating to Google's 'forced consent' to continue processing users' data.

Specifically, the complaint related to Android users who, when setting up a new Android phone, were forced to follow Android's onboarding process which included forced consent for the processing of their data. Both groups said Google had no legal basis to process the personal data of its users "particularly for ads personalisation purposes".

GDPR requires the data controller to give its users the option to opt in to having their data processed whereas, before the regulation's implementation, users were required to opt out.


"This is the first time that the CNIL has applied the new maximum penalties provided by the GDPR. The amount withheld, and the advertising of the fine, at first justified by the seriousness of the deficiencies that affect the essential principles of GDPR: transparency, information and consent," CNIL said in a statement.

The maximum fines for GDPR are 20 million or 4% of the company's annual turnover, whichever is greater. In this case, Google could have theoretically faced a maximum fine of almost 4 billion.

While 50 million is pocket change compared to the potential maximum fine that could have been issued - especially since 50 million was just 0.0005% of Google's annual turnover for 2017 - some believe it does at least show that GDPR is being taken very seriously by the powers that be. 

"The new fine facing Google will quickly dispel any lingering doubts that the EU would go easy on companies found in violation of the GDPR," said Matt Lock, director of sales engineering at Varonis.

"The news should be hitting companies like a cold shower. It's not a stretch to say that a proverbial storm is gathering as privacy groups rally to their cause and seek to uphold major global companies as examples of lax privacy controls.

"The news should serve as an impetus to organisations that have yet to prioritise their GDPR compliance programs and hoped to simply fly under the radar - their luck may be running out soon."


The landmark fine was justified by Google's lack of action following the claim. CNIL said that the violations are continuing to this day and are ongoing violations of the GDPR.

Schrems takes no prisoners

The privacy group noyb, led by Austrian lawyer and privacy advocate Max Schrems, has also made the headlines for filing a further eight GDPR complaints on behalf of 10 users on Friday.

The companies in noyb's crosshairs include Amazon, Apple, Netflix, SoundCloud, Spotify and YouTube. The complaints were filed under alleged violations of Article 15 of the GDPR which relates to the users' right to access their own data.

"Many services set up automated systems to respond to access requests, but they often don't even remotely provide the data that every user has a right to," said Schrems.


"In most cases, users only got the raw data, but, for example, no information about who this data was shared with. This leads to structural violations of users' rights, as these systems are built to withhold the relevant information."


The privacy group tested the aforementioned companies to see how well they complied with the specific requirement of GDPR "but no service fully complied," it said.
