The French data protection regulator (CNIL) has recently issued Google with a £44m (€50 million) fine for failing to comply with its obligations towards GDPR transparency and accessibility of information. This is currently by far the largest fine to date which has been issued by a European data protection regulator.
CNIL have said that Google was fined because it had failed to provide enough information to its userbase about its data consent practices as well as not allowing its users to have full control over how their information is used. CNIL stated that, at the time of the issue, these violations had not been rectified by Google. For people unaware of the GDPR requirements with personal data, companies are required to obtain consent before collecting personal information (opt-in), companies are not allowed to automatically obtain information as they previously could.
Since the issue of the fine, Google have since come back and said that they would appeal the fine, they said: “We’ve worked hard to create a GDPR consent process for personalised ads that is as transparent and straightforward as possible, based on regulatory guidance and user experience testing,” the company said in a statement.
“We’re also concerned about the impact of this ruling on publishers, original content creators and tech companies in Europe and beyond,” it added.
“For all these reasons, we’ve now decided to appeal.”, via APF
How this turns out is anyone’s guess, but now’s the time for companies to take GDPR seriously, now that this is the first serious GDPR related fine more are about to be issued in the near future.
If you would like to learn more about GDPR, or would like help with your data protection needs, TeraByte have a number of services to help you, these can be found at: https://terabyteit.co.uk