Google has been hit with a €50 million (£44 million) fine from French privacy regulator CNIL, the biggest GDPR-related fine that has ever been issued.
CNIL cited “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation” as the reason for this bumper penalty, arguing that people were “not sufficiently informed” about how the tech giant collected data to personalise advertising.
Complaints against Google were filed in May 2018 by two privacy rights groups: noyb and La Quadrature du Net, the BBC reported.
The first GDPR complaint was filed on 25 May 2018, the day the legislation took effect. The groups claimed Google did not have a valid legal basis to process user data for ad personalisation, as mandated by the GDPR.
“People expect high standards of transparency and control from us,” a Google spokesperson said in a statement.
“We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.”
SMP eGaming Regulatory Compliance Manager Phil Knox previously stressed the importance of transparency when it comes to GDPR, telling AffiliateINSIDER that “being clear, open and honest with individuals from the start about who you are, how you use personal data and what for” is essential.