France’s data privacy agency CNIL said Google’s data consent policy isn’t clear. Hence it has been fined nearly $57 million for violating Europe’s new data privacy rules called GDPR. Till date, this is the biggest GDPR fine to be issued.
Who brought Google’s mishandling to light?
France’s top data privacy agency known as CNIL on Monday said that Google failed to fully disclose to users how their personal information is collected and what happens to it. Google also did not properly obtain users’ consent for the purpose of showing them personalized ads, the watchdog agency said.
Implemented in 2018, the sweeping privacy rules, commonly referred to as GDPR, have set a global standard that has forced Google and its tech peers in Silicon Valley to rethink their data-collection practices or risk sky-high fines. The United States lacks a similar, overarching federal consumer privacy law, a deficiency in the eyes of privacy rights advocates that has elevated Europe as the world’s de facto privacy cop.
Why is the fine issued?
The fine was issued as Google failed to provide clear information to the user about its data consent policies and didn’t give them enough control over how the information should be used. Besides this Google has also been accused by seven consumers groups across European countries for violation GDPR policy in accordance with deceptive practices followed around its location tracking.
Is the fine in accordance with the maximum limit allowed by GDPR?
$57 million fine may seem large, but its small compared to maximum limit allowed by GDPR. As per GDPR rules a company can be fined a maximum of 4% of its annual global turnover for a serious offense. Looking at Google’s last quarter turnover i.e. 33.74$ this fine could have been in billions of dollars.
Is Google the first company to violate GDPR obligations?
This isn’t the first that a company violated GDPR and has to pay the fine. But yes, it is the biggest so far. Last year in December, a Portuguese hospital was fined €400,000 as its staff used fake accounts to access patients records, whereas in November a German social media and chat service was fined €200,000 for saving social media passwords in plain text. In October a local business in Austria was fined €4,800 for using a security camera to film public space.
What Google has to say?
Responding to the fine, a Google spokesperson said that the company is “deeply committed” to meeting the “high standards of transparency and control” that people expect of it. They said that the company was studying CNIL’s decision in order to determine its next steps.