Search engine giant Google has been fined for 50 million euros (around $57 million) by the French data regulator CNIL (National Data Protection Commission) for violating the General Data Protection Regulation (GDPR) law. The data protection watchdog stated it had levied the fine for Google’s lack of transparency and valid agreement regarding ads personalization. The regulator also said that Google didn’t sufficiently inform the people about how it collected the users data to personalize ads.
The issue started when CNIL received complaints from the associations, None of Your Business (NOYB) and La Quadrature du Net (LQDN) in May 2018. The associations complained on Google for not having a valid legal basis to process the personal data of the users for ads personalization, as mandated by the GDPR.
“On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization,” CNIL said in a statement.
“This is the first time that the CNIL applies the new sanction limits provided by the GDPR. The amount decided, and the publicity of the fine, are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent,” the statement added.
The inspections carried out by the CNIL’s restricted committee found that Google has violated two core privacy rules of the GDPR- Transparency, and Consent. The committee notified that the information provided by Google is not easily accessible for users and the structure of the information does not comply with the data regulations. It also declared the users are not able to understand the processing operations carried out by the search engine giant.
Google is facing severe backlashes in recent times. The latest survey from Menlo Labs revealed that cybercriminals are using the Google Cloud to attack Financial Services Companies. The company stated that employees at financial services firms in the United States and the United Kingdom are being targeted by a malicious email campaign. The researchers revealed that cybercriminals are storing malicious payloads on storage.googleapis.com, the domain of the Google Cloud Storage service. The email campaign might have been active in the United States and the United Kingdom since August 2018.