The word is out. Google will be fined. The breach has cost Google £44.9 Million, and this is not even the first GDPR fine of this year for Google.
Google lost the appeal in France. It will be fined for £44.9 million for violating the European Union’s rules on digital privacy. Yes, this is yet another GDPR violation on Google’s part. Is it learning any lessons yet? We cannot reckon.
The issue was raised in France’s top court for administrative law. The court ruled against Google because of Google’s inability to clarify how it processes personal information of data subjects such as the “Android” users.
CNIL had ruled in January of this year that its processing is not “sufficiently clear”. Google took the matter to the court and appealed to revisit the stance. This was Google’s attempt to challenge the implication of the CNIL that the data extracted by Google in many cases was not legally obtained. The user consent required for targeted ads was also unlawful.
“The Council of State confirms the CNIL’s assessment that information relating to targeting advertising is not presented in a sufficiently clear and distinct manner for the consent of the user to be validly collected,” the court stated.
For Google, this hefty fine is only a small fraction of its global revenue. However, as suspected, this has become the largest GDPR fine for a tech venture as of now. The company has been penalised and fined in many parts of the EU apart from this incident. Somehow, it is still lacking in terms of the pace of improvements. Hence the frequent fines and penalties.
“People expect to understand and control how their data is used, and we’ve invested in industry-leading tools that help them do both,” a Google spokesperson was quoted in a statement.
Google is likely to revisit its strategies and improve its compliance now, at least in places where the GDPR applies.