French data regulator CNIL has fined Google $57 million over a breach of the EU’s data protection rule. The amount of the penalty makes it the biggest fine that has ever been levied against a US tech giant. This event also marks first major penalty brought against a U.S. technology giant since the new regulations took effect in Europe.
France’s top data-privacy agency said on Monday that Google could not fully disclose to users how their personal information is collected and what happens to all the data. Google also failed to properly obtain consent for the purpose of showing personalized ads, said CNIL.
Europe’s new General Data Protection Regulation which was implemented in 2018 consists of sweeping privacy rules which have served as a challenge for Google and its peers to rethink their data collection practices or risk facing a sky-high fine.
Google recently made changes to comply with the E.U rules, nevertheless, the CNIL said in a statement that “the infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations.”
“The amount decided, and the publicity of the fine, are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information, and consent,” the CNIL added.
As a result, Google is “studying the decision to determine our next steps.” Google added that “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR.”
French regulators began investigating Google as soon as the GDPR went into effect. The investigation was incited as a result of concerns raised by two groups of privacy activists. The groups also filed complaints against Facebook, Instagram, and Whatsapp in other E.U countries.
E.U’s new data-privacy law demands tech giants like Google to give a clear picture of the data they collect along with a simple and specific tool for users to affirm their consents in order to have their personal information harnessed. In both the aspects, E.U says, Google has erred.