Today, France’s top data-privacy agency, known as the CNIL, issued the very first major penalty against a U.S. company for violating Europe’s strict new data privacy laws, via The Washington Post. The accused company is none other than Google, and the penalty is for a cool $57 million.
The French agency accuses Google of not fully disclosing to users how their personal data is collected nor how that data is eventually used. The agency also accused Google of not properly obtaining user consent for showing them personalized ads.
The privacy watchdog says these are examples of violations of Europe’s new General Data Protection Regulation, otherwise known as the GDPR. The GDPR is the world’s first major attempt to regulate large tech firms like Google, Facebook, Amazon, etc., and is forcing those companies to critically examine their own policies and procedures when it comes to data collection.
Although most major tech organizations — including Google — made sweeping changes last year in response to the passage of the GDPR rules, the CNIL says that Google hasn’t done enough. The CNIL said in a written statement, “the infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services, and almost unlimited possible combinations.”
Google has yet to issue a statement on the fine.
It may seem that $57 million is not too big of an issue for a company that made $110 billion in revenue in 2017 alone. After all, $57 million is around one-twentieth of a percent of its 2017 revenue, so Google can handle that. However, if these policy violations continue from different countries for different reasons, the fines will all add up to an untenable situation for Google.