Google fined €50M in France for GDPR breach

21 January 2019

Reports are circulating that the French data protection authority, the CNIL, has issued a fine of €50M on Google for failure to comply with the GDPR.  The issue relates to the consents obtained from Google account holders in relation to the personalisation of advertising that was served to the user.

The CNIL referenced the fact that as part of the account opening process, users have to click a ‘more options’ button to access a separate page for settings for display of personalised ads, all of which are pre-ticked.  The user is also required to tick one box for agreeing to the terms of service and a second box agreeing to the processing of data as per the Google Privacy Policy (which included a huge range of processing operations, such as ad personalisation and speech recognition).

This meant, in the CNIL’s view, that the consent obtained from the pre-ticked check boxes was not a ‘clear affirmative action’, and furthermore that the general agreement to the privacy policy was not sufficient to give ‘specific’ consent to anything set out in that Policy.

 

Eddie Powell Author
Eddie Powell
Partner
About the author