Fining Google €50m, France's Commission nationale de l'informatique et des libertés (CNIL) told Google the US giant has made it too difficult for users to understand and manage preferences on how their personal information is used, in particular with regards to targeted advertising.
Google was fined by the French regulator for failing to provide transparent and easily accessible information on its data consent policies, a statement said. CNIL said the record €50m fine reflected the seriousness of the failings as well as Google's dominant market position in France via Android. Google was using the EU's strict general data protection regulation (GDPR) for the first time. The CNIL found that despite changes implemented by Google since last year, it was still failing to respect the spirit of the new rules. CNIL stated the information provided ‘is not sufficiently clear for the user to understand that the legal basis for targeted advertising is consent, and not Google's legitimate business interests.’ The ruling follows complaints lodged by two advocacy groups last May, shortly after the landmark GDPR directive came into effect. One was filed on behalf of some 10,000 signatories by France's Quadrature du Net group, and the other by None Of Your Business, created by an Austrian privacy activist Max Schrems.
Google is accused of securing ‘forced consent’ via its Android mobile operating software through the use of pop-up boxes online or on its apps which imply that its services will not be available unless the conditions of use are accepted. In a statement, a Google spokesperson said, ‘people expect high standards of transparency and control from us. We're deeply committed to meeting those expectations and the consent requirements of the GDPR.’ Goole has contested the decision, saying it should apply only to its European sites, such as Google.fr, and not the global Google.com domain. The spokesperson said they are studying the decision to determine their next steps.