The National Commission on Informatics and Liberty (CNIL), a data protection watchdog in France, fined Alphabet’s Google 50 million euros ($57 million) on Monday for breaching European Union online privacy rules.
This is the biggest such penalty levied against a U.S. tech giant. The French regulator said the world’s biggest search engine lacked transparency and clarity in the way it informs users about its handling of personal data and failed to properly obtain their consent for personalized ads, Reuters reported.
The EU’s General Data Protection Regulation (GDPR), the biggest shake-up of data privacy laws in more than two decades, came into force in May. It allows users to better control their personal data and gives regulators the power to impose fines of up to 4 percent of global revenue for violations.
“The amount decided, and the publicity of the fine, is justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent,” the CNIL said in a statement.
Google issued a statement saying that people expect high standards of transparency and control from us. “We’re deeply committed to meeting those expectations and the consent requirements of the GDPR.”
The CNIL decision follows complaints by two non-governmental organizations, None Of Your Business (noyb) and La Quadrature du Net (LQDN), which the regulator said had been mandated by 10,000 people to present the case.
“More than just a significant amount of money, this sanction is particularly detrimental to Google as it directly challenges its business model and will, in all likelihood, require them to deeply modify their provision of services,” Sonia Cisse, managing associate at Linklaters, said.