France Fines Google for GDPR Violation
France’s data protection regulator, CNIL, has issued Google a €50 million fine (around $56.8 million USD) for failing to comply with its GDPR obligations. This is the biggest GDPR fine yet to be issued by a European regulator and the first time one of the tech giants has been found to fall foul of the tough new regulations that came into force in May last year.
Is this sort of penalty effective, or does Google just shrug it off? Last quarter Google reported $33 billion in revenue and over $8 billion in profit. €50 million is not nothing, but is it enough to give Google pause?
Should Google not remedy its behavior, GDPR ultimately allows for fines up to 4% of global turnover.
[…]
What’s striking about this judgement is just how plainly the violations are detailed, and how clear it is that Google is not going to weasel out of compliance by evading informed consent by its normal tactics of obfuscation. This is a potential game changer for online privacy.
If GDPR is actually going to be enforce like this going forward, and it’s not just a one-off French expedition, the entire business model of Google and Facebook as it pertains to using personal information for ad targeting is in doubt.
A series of complaints brought under Europe’s General Data Protection Regulation (GDPR), filed by an Austrian privacy activist, accuse eight major streaming companies of failing to comply with European Union law.
[…]
Under GDPR, consumers are allowed to request data that companies hold on them. As a test, noyb says it asked eight major streaming media providers, including YouTube, Netflix, Spotify, Apple, and Amazon, to provide consumer data.
But the companies, noyb argues in its complaints, failed the test. SoundCloud and UK sports streaming service DAZN failed to provide the data, while six other companies did not provide adequate data under the law, noyb says. In most cases, the complaints argue, the companies failed to provide relevant background information meant to help consumers understand how their data is used, even though that information is required.