Google appeals fine of €50 million imposed by CNIL
| Biggest ever fine imposed for GDPR violations
GOOGLE has confirmed its plans to appeal against a €50 million ($57 million) financial penalty imposed by the French data protection authority, CNIL .
The fine, which was the biggest-yet for non-compliance with the European Union’s General Data Protection Regulation (GDPR), which came into effect in May, 2018.
The CNIL says that Google broke the law by misleading users into “consenting” to allowing their personal information to be used for advertising purposes, when setting up new accounts. The GDPR is very clear about what constitutes real consent. The Information Commissioner’s Office (ICO) said the information users were given beforehand was much too fragmented and vague for them to understand precisely what they were consenting to.
A Google spokesperson said in a statement:
We’ve worked hard to create a GDPR consent process for personalized ads that is as transparent and straightforward as possible, based on regulatory guidance and user experience testing. …We’re also concerned about the impact of this ruling on publishers, original content creators and tech companies in Europe and beyond. For all these reasons, we’ve now decided to appeal.
Google appeals …but misses the point
According to an article in Computing, Coffin Mew associate solicitor Guy Cartwright suggested that the company and its legal counsel had “missed the point”. He continued:
Google may well have tried its best, but consent under the GDPR is a high bar that needs to be unequivocal and freely given. How can users give consent to Google using complex algorithms and automated processing when most simply don’t understand how these techniques work? Relying on an obscure privacy notice and telling us that our privacy is important simply isn’t enough. Isn’t the question more, should Google be doing this in the first place?
My view is that this sort of activity may push the boundaries as to what most people think is acceptable if they really understood how these tools worked and where it could lead. When it comes to Google’s appeal, I expect the courts to be unforgiving.
Google has made claims that it is concerned about publishers. Interestingly, these claims come at a time when the search giant is embroiled in a lobbying battle with major EU press publishers, who want Google to pay every time it uses a snippet of their article text in a search result.
However, many publishers rely heavily on ad revenue based on the data collected from their readers. But, it is likely that publishers too could fall foul of the GDPR, if they don’t obtain proper consent for tracking users’ online behaviours and traits.
Google also contributes substantial amounts to funding media innovation in the EU, in a “Digital News Initiative” that reportedly serves partly as a useful lobbying vehicle.
Notably, the penalty was the first GDPR fine to be imposed on a U.S. tech giant, and it’s highly unlikely that it will be the last. Social media leviathan, Facebook, still has outstanding cases to answer over similar consent issues. As revealed by Fortune last October, Twitter is also being investigated for failing to inform a user of how it tracks him when he follows links in tweets.
Finally, putting things into perspective, this latest fine – a ‘mere’ €50 million – seems like small potatoes, when compared with two other fines Google is currently contesting…
How about the fines of $5 billion and $2.7 billion that it received in the last couple of years for breaking EU competition law!
Sources and credits: Computing
Catch up on previous Google new stories