The National Commission for Information Technology and Liberties (CNIL) has imposed a fine of 50 million euros on Google under the European Union's General Data Protection Regulation (RGPD) for its lack of transparency, the unsatisfactory information provided and the lack of valid consent for the personalization of advertising.
This is the first time that the CNIL has imposed the maximum sanction provided for in the new European regulation, stating that its severity is justified by the seriousness of the deficiencies observed, which concern essential principles of the RGPD such as transparency, information and consent.
The French authority opened an investigation last June after collective complaints filed by the associations None Of Your Business (NOYB) and La Quadrature du Net (LQDN), which accused the search engine of not having a valid legal basis to process the data of the users of its services, in particular regarding the personalization of advertising.
As part of its investigation, the CNIL conducted an online check in September 2018 to verify compliance with the Data Protection Law and the RGPD in Google's processing of personal data, concluding that the company relies on the consent of users to process their data for personalization purposes.
In this regard, the authority stressed that “the user’s consent is not sufficiently informed”, since the information on the processing of the data is spread across several documents and does not allow the user to be aware of its extent.
The institution also judged that the consent obtained is not “specific” and “unambiguous”, noting that the method used leads the user to give consent en bloc, for all purposes pursued by Google (personalization of advertising, speech recognition …).
“Users expect high standards of transparency and control on our part,” the US company said.