EU Fines Google $57 Million for Violating GDPR

French regulators have fined Google $57 million for refusing to present transparent information regarding how user data is collected and used. And this is a direct violation of the GDPR rules that were enforced last May. Without consequences, the right to privacy would be nothing more than ink on paper.

Who Issued the Fine?

While the fine is not something Google can’t handle, the penalty could have been $3.5 billion. Regardless, this penalty is the biggest one yet under new European privacy law. CNIL, a French data privacy agency who issued the fine stated the following: “Essential information, such as the data processing purposes, the data storage periods or the categories of personal data used for the ads personalization, are excessively disseminated across several documents, with buttons and links on which it is required to click to access complementary information.” CNIL also claimed that Google didn’t get users’ actual consent to bombard them with personalized ads.

View Points on the Matter

Anurag Kahol, Bitglass CTO and co-founder said: “It will likely pave the way for penalties for other prolific companies that have not yet met the demands of the new law. Other organizations might not be large enough or successful enough to absorb a large financial penalty. This instance should be a wakeup call for organizations everywhere to begin taking data privacy far more seriously.”

Tim Erlin, vice president, product management and strategy at Tripwire, went on to explain “successful enforcement of the GDPR is an incredibly important step in determining the effectiveness of the regulation,” noting that “without teeth, no regulation can make a material difference.”

Vice president of Marketing at Vectra, Mike Banic considered the action a “clear exercise of authority signals that others will follow. Regardless of what Google’s next step might be, Banic says “this is an important test of GDPR law that may bring both precedence and greater clarity around GDPR implementation for others.”

The GDPR Law

The GDPR has strict rules when it comes to processing and storing personal data. It also asks companies to seek proper consent from users before making use of their personal data. In turn, the companies must provide their users with a copy of their personal data. They must also report data breaches within 72 hours.

How Did Google Violate GDPR Law?

Google has failed to meet its pledge for transparency when it didn’t reveal its data collection processes. The company was far from upfront about its data-processing purposes and data-storage. Instead, it should make information about its data collection easily accessible to users.

What was Google’s Response?

A spokesman from Google released a statement saying: ” People expect high standards of transparency and control from us.” We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.”