The CNIL (National Data Protection Commission) said in a press release that, the fine has been levied on Google for “lack of transparency, inadequate information and lack of valid consent regarding the ads personalization”.
The EU’s General Data Protection Regulation (GDPR), maybe the biggest shake-up of data privacy laws in more than two decades. It allows users to better control their personal data and gives regulators the power to impose fines of up to 4 percent of global revenue for violations.
According to the CNIL, Google has been found violating two core privacy rules of the GDPR—Transparency, and Consent.
First, the search engine giant makes it too difficult for users to find essential information, like the “data-processing purposes, the data storage periods or the categories of personal data used for the ads personalisation,” by excessively disseminating them across several documents with buttons and links and requiring up to 6 separate actions to get to the information.
And even when the users find the information they are looking for, the CNIL says that information is “not always clear nor comprehensive.”
According to the CNIL, the option to personalize ads is “pre-ticked” when creating an account with Google. It makes the users unable to exercise their right to opt out of data processing for ads personalization, which is illegal according to the GDPR.
The Commission says, “The user gives his or her consent in full, for all the processing operations purposes carried out by Google based on this consent (ads personalization, speech recognition, etc.)”.
In response to the GDPR fine imposed by France, Google said in a statement: “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.