Google fined €50m as France uses new EU privacy law

In this file photo taken on October 4, 2017, people wait to enter a Google product launch event in San Francisco, California. US President Donald Trump lashed out after Brussels hit US tech giant Google with a record fine, and warned he would no longer allow Europe to take "advantage" of the United States. (Elijah Nouvelage, AFP)
In this file photo taken on October 4, 2017, people wait to enter a Google product launch event in San Francisco, California. US President Donald Trump lashed out after Brussels hit US tech giant Google with a record fine, and warned he would no longer allow Europe to take "advantage" of the United States. (Elijah Nouvelage, AFP)

Alphabet’s Google was at the receiving end of a hefty fine of €50m by France’s privacy regulator, which used its new powers to levy much higher penalties for the first time under European Union data protection rules.

France’s data authority CNIL said the amount of the fine was "justified by the severity of the infringements observed regarding the essential principles" of the EU’s General Data Protection Rules, or GDPR. They are "transparency, information and consent," it said on Monday in a statement.

The EU rules took effect across the 28-nation bloc on May 25, and gave national privacy regulators equal powers to fine companies as much as 4% of global annual sales for the most serious violations.

Google has come under CNIL’s scrutiny many times before, but under the old rules, fines couldn’t exceed the maximum of €150 000. While this is the first time CNIL has benefited from the new rules, several other countries have issued fines.

The decision can be appealed. It was triggered by two complaints, one from noyb, a group created by Austrian privacy activist Max Schrems. Google was accused of forcing users to agree to new privacy policies.

"People expect high standards of transparency and control from us," Google said in an emailed statement. "We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps."

Schrems said his group is "very pleased" to see the new EU rules being applied. "It is important that the authorities make it clear that simply claiming to be compliant is not enough."

CNIL said it found two types of violations of EU law, one for lack of transparency and information, the other for not having a legal basis to process user data for personalised advertisements.

"Despite the measures implemented by Google (documentation and configuration tools), the infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations," CNIL said.

The breach also "is not a one-off, time-limited, infringement," it said.

The decision comes just days after noyb filed a new series of privacy complaints across Europe, this time targeting companies that include Google’s YouTube, Amazon.com, and Netflix.

ZAR/USD
16.98
(-0.23)
ZAR/GBP
21.23
(-0.06)
ZAR/EUR
19.15
(-0.17)
ZAR/AUD
11.80
(-0.12)
ZAR/JPY
0.16
(-0.25)
Gold
1774.31
(+0.03)
Silver
18.02
(-0.04)
Platinum
808.00
(+0.25)
Brent Crude
42.78
(-0.79)
Palladium
1914.01
(+0.62)
All Share
54521.90
(-0.17)
Top 40
50179.89
(-0.26)
Financial 15
10150.02
(-0.64)
Industrial 25
76554.73
(+0.52)
Resource 10
50138.02
(-1.24)
All JSE data delayed by at least 15 minutes morningstar logo
Company Snapshot
Voting Booth
Please select an option Oops! Something went wrong, please try again later.
Results
I'm not really directly affected
17% - 1607 votes
I am taking a hit, but should be able to recover in the next year
23% - 2115 votes
My finances have been devastated
35% - 3173 votes
It's still too early to know what the full effect will be
25% - 2294 votes
Vote