France hits Google with €50 million GDPR fine

A person walks past Google's offices in New York, New York, USA, 17 December 2018. [EPA-EFE/JUSTIN LANE]

The French data regulatory authority, the CNIL, has set a precedent which may rattle digital leaders across Europe, hitting the tech giant with a €50 million fine on Monday (21 January) for breaching EU data protection rules. EURACTIV France reports.

The fine, imposed under the EU’s General Data Protection Regulation legislation, is the first of its kind issued by a European regulatory authority.

“This is the first time that the CNIL has applied the new penalty thresholds provided for by the GDPR,” the French authority highlighted.

“The amount and the publicity of the fine are first justified by the seriousness of the deficiencies identified concerning the basic principles of GDPR: transparency, information and consent.”

National privacy watchdogs brace for new pan-EU powers

Europe’s powerful data protection regulators are banding together to coordinate how they investigate and sanction misbehaving companies before a major overhaul of the bloc’s privacy law takes effect in May.

France is criticising Google for not letting its users know what type of user data the Internet giant possesses.

“Essential information, such as the purposes for which data is used, the retention period for data and the categories of data used for customising adverts are excessively distributed in several documents, which comprises buttons and links which must be activated to become aware of additional information.”

Panic among IT leaders?

There is another problem IT managers are going to have to face: parameters of use. Google’s suggestion as to how users’ consent – or not – to give their data, and which data exactly, is too complicated, according to the CNIL.

The practice is common on the Internet, for search engines and other sites. In this case, the problem is that when creating an account, the user has to click on “More options” to be able to personalise the processing of their data, for advertising purposes, for example. Without this, they automatically get the default options, which include advertising.

As for the use of data itself, the CNIL deems that Google users are not able to give informed consent, both because changing the parameters involve several manipulations and because some options are pre-checked.

“The failures observed deprive users of fundamental guarantees concerning data processes that could reveal broad facets of their private life,” criticised the French authority.

GDPR fines can go increase to 4% of the global turnover of a company, under Article 89 of the text, CNIL underlined in their decision. In 2017, Alphabet generated €96 billion of turnover.

Twitter tumbles on concerns about hacking activity

Twitter shares fell almost 7 percent on Monday after the company said it was investigating unusual traffic that might be from state-sponsored hackers and, in what appeared to be an unrelated issue, a security firm said hackers used the platform to try to steal user data.

The regulatory authority regretted that GDPR infractions have not been corrected despite warnings. “Every day, thousands of French citizens create Google accounts” on Android, thus gifting their data to the Californian powerhouse.

Google responded to this clear criticism by saying that not all users create accounts and that only 7% of the French population use a Google account are actually affected by these issues.

Huawei $2 billion security pledge followed walkout by British official: sources

Huawei’s relations with British authorities hit a low last month when a top official walked out of a meeting with the Chinese company over its perceived failure to fix security holes in its products, sources familiar with the talks told Reuters.

EU negotiators reach agreement on cybersecurity act

Representatives from the European Commission, Council and Parliament on Monday (10 December) evening banded together to strengthen the bloc's Cybersecurity efforts, reaching agreement on the EU's cybersecurity act.


Subscribe to our newsletters