Google has been fined almost $57 million (approximately Rs. 406 crores) by French authorities for breaking Europe’s demanding new data-privacy principles, marking the first significant penalty brought against a US tech giant since the regionwide regulations took effect last year.
France’s top data-privacy agency, called the CNIL, stated Monday that Google didn’t fully disclose to customers how their private information is collected and what happens to it. Google also did not properly get users’ permission for the purpose of showing them personalised ads, the watchdog agency said.
To French regulators, Google’s business practices conducted afoul of Europe’s new General Data Protection Regulation. Implemented in 2018, the sweeping privacy principles, commonly referred to as GDPR, have set a worldwide standard that has forced Google and its technology peers in Silicon Valley to rethink their data-collection clinics or threat sky-high fines.
The United States lacks a comparable, overarching federal consumer privacy legislation, a lack in the eyes of privacy rights advocates that’s raised Europe since the world’s de facto privacy cop.
Despite Google’s recent changes comply with all the E.U. rules, the CNIL stated in a statement that”the infringements observed deprive the users of essential guarantees concerning processing operations that can disclose significant parts of their personal life because they are based on a large number of information, a wide variety of providers and almost unlimited possible combinations.”
In response, Google said it’s”studying the decision to determine our next steps,” adding:”People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of this GDPR.”
French regulators began investigating Google on May 25 – the day GDPR went into effect – in reaction to concerns raised by 2 groups of privacy activists. They registered additional privacy complaints against Facebook and its subsidiaries, photo-sharing program Instagram and messenger service WhatsApp, along with other EU countries.
“We are extremely happy that for the first time a European data protection authority is utilizing the possibilities of GDPR to punish clear violations of this law,” said Max Schrems, the leader of the nonprofit noyb.eu (None of Your Business). “It is essential that the authorities make it clear that simply claiming to be criticism is not enough.”
In recent decades, EU officials also have penalised Apple because of its tax practices, probed Facebook for several solitude scandals and slapped Google with a record-breaking fine on charges it sought to undermine its corporate rivals.
US consumer advocates on Monday strongly urged Washington to follow Europe’s lead. The FTC is Washington’s top privacy and security watchdog.
Under the E.U’s data privacy law, technology giants including Google have to give users a complete, clear image of the data they accumulate, together with simple, specific tools for users to consent to having their personal information tapped. In both circumstances, France said that Google had erred. Full particulars about exactly what Google does with customers’ private information are”excessively sprinkled across several documents,” in accordance with the CNIL. The absence of transparency is much more jarring to consumers, the watchdog said, due to the sheer quantity of services Google operates – including its maps support, YouTube and its app store.
Even though Google users can modify their privacy settings when they create an account, French authorities said it isn’t enough – partly because the default setting is for Google to exhibit personalised ads to users. Meanwhile, the Google requires individuals who sign up to consent to its terms and conditions in full to create their account, a kind of consent the CNIL faulted since it requires users to agree to everything – or not use the service in any way.
Some consumer advocates still bristled that France had not gone far enough. La Quadrature du Net, one of the groups that filed the complaint against Google, lamented it is”quite low in comparison to Google’s yearly turnover.”
While the group said it appreciated the initial movement to nice Google, they felt that the French authorities had concentrated only on a small portion of the tech firm’s alleged offenses. They said they hoped the authorities agency would respond shortly to the remainder of their complaint, and they noticed that the maximum possible fine is more than $4.7 billion (roughly Rs. 33,500 crores).
Estelle Massé, a data security expert at the advocacy group Access Now, described the French ruling as”the first major signal” about Europe’s willingness to enforce GDPR. Other companies, she said, had participated in practices like Google, increasing the risk that additional US tech giants could face fines of their own.
“Google is not the only one doing so,” Massé explained. “This is significant for Google as a company but also for different actors.”