Issues of lack of transparency and consent formed the basis of the CNIL’s $57 million dollar fine against Google under the GDPR. CNIL is France’s highest ranking data-privacy agency. It’s the first large penalty for a U.S. technology company since the GDPR went into effect last May.
In finding that Google violated the GDPR, the CNIL focused on the level of complexity in finding sufficient information (notice) regarding the use of personal data for targeted advertising, the use of pre-checked boxes to obtain user consent and the level of choice available to users. This fine represents (by far) the largest penalty issued under the GDPR to date. DBR on Data will provide more information as it becomes available and will have a follow up post.
A brief summary in English and CNIL’s decision is available here (in French).
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.