News

Google first of the Silicon Valley giants hit by major GDPR fine

Google has become the first of the Silicon Valley technology giants to be landed with a fine under the General Data Protection Regulation that came into effect across Europe in May 2018.

Tamlin Magee Jan 23rd 2019 A-A+
Google_first_of_the_Silicon_Valley_giants_hit_by_major_GDPR_fine.jpg

Google has become the first of the Silicon Valley technology giants to be landed with a fine under the General Data Protection Regulation that came into effect across Europe in May 2018.

The firm was hit with a €50 million fine by the French data privacy regulator CNIL over what it said were compliance failures over GDPR. It is the largest fine issued to data since GDPR came into effect.

The CNIL said it first received complaints in May 2018 that alleged Google did not have the legal right to process some personal data of its users, in particular over advertising. They were filed by None Of Your Business - NOYB - and La Quadrature du Net - LQDN, the Austria and France based digital rights advocacy groups, respectively.

According to the CNIL, information relating to Google's processing of data was not found accessible enough to users - or the extent of the use of this data. It found that user consent was not established sufficiently and that where it was consented to, Google was ambiguous over the meaning of the consent.

The affected Google services could include YouTube, Search, Maps, and Android app store Google Play.

However, the €50 million fine is paltry compared to the maximum possible fine under GDPR, which states that companies could be subject to punishments of as much as four percent of global annual turnover. Google's revenue reported in April 2018 was $31.15 billion.

The European non-profit NOYB is separately challenging streaming web heavyweights Netflix, Spotify and YouTube over their right to access policies.

They say that after testing by the group these companies - along with the likes of Amazon and Apple - the streaming services have violated Article 15 of the GDPR, which enshrines the right of the data subject to know whether or not data about them is being processed - and if so to be able to access this data.

A Google spokesperson told the Verge that the company was "deeply committed" to meeting "high standard of transparency and control".