France's data watchdog on Monday announced a fine of 50 million euros ($57 million) for U.S. search giant Google, using the EU's strict General Data Protection Regulation (GDPR) for the first time.
Google was handed the record fine from the CNIL regulator for failing to provide transparent and easily accessible information on its data consent policies, a statement said.
The CNIL said Google made it too difficult for users to understand and manage preferences on how their personal information is used, in particular with regards to targeted advertising.
"People expect high standards of transparency and control from us. We're deeply committed to meeting those expectations and the consent requirements of the GDPR," a Google spokesperson said in a statement.
"We're studying the decision to determine our next steps."
The ruling follows complaints lodged by two advocacy groups last May, shortly after the landmark GDPR directive came into effect.
One was filed on behalf of some 10,000 signatories by France's Quadrature du Net group, while the other was by None Of Your Business, created by the Austrian privacy activist Max Schrems.
Schrems had accused Google of securing "forced consent" through the use of pop-up boxes online or on its apps which imply that its services will not be available unless people accept its conditions of use.
"Also, the information provided is not sufficiently clear for the user to understand the legal basis for targeted advertising is consent, and not Google's legitimate business interests," the CNIL said.
Please click to read our informative text prepared pursuant to the Law on the Protection of Personal Data No. 6698 and to get information about the cookies used on our website in accordance with the relevant legislation.
6698 sayılı Kişisel Verilerin Korunması Kanunu uyarınca hazırlanmış aydınlatma metnimizi okumak ve sitemizde ilgili mevzuata uygun olarak kullanılan çerezlerle ilgili bilgi almak için lütfen tıklayınız.