Google has been fined €50 million ($57 million) in France by data regulator CNIL for breaching the European Union’s data protection rules.
The CNIL said in a statement that Google had not sufficiently informed its users about the exploitation of their personnal data.
“We’re not denying that Google informs users who open an account…but the information is disseminated on different documents,” and “it sometimes requires up to five actions to access the relevant information,” Mathias Moulin, the head of rights protections and sanctions at CNIL, told Agence France-Presse.
“The information on processing operations for the ads personalization is diluted in several documents and does not enable the user to be aware of their extent,” Moulin added.
The fine follows two complaints against Google filed with the CNIL by a pair of European nonprofit organizations advocating for data protection, France’s la Quadrature du Net and Austria’s None Of Your Business.
The CNIL is the first European body to sanction a global platform under the E.U.’s General Data Protection Regulation passed on May 25, 2018. The new legislation allows European bodies to levy fines worth up to 4% of annual revenue on companies that breach the data protection rules within Europe.
Addressing the fine, Google said it was “studying the decision” of the CNIL to determine its next steps. “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR,” stated Google.