CNIL said it had levied the fine for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”, and that consumers were “not sufficiently informed” about how the tech company collected data to personalise advertising.
Moreover, the French regulator said “the information on processing operations for the ads personalisation is diluted in several documents” and that “the user gives his or her consent in full, for all the processing operations purposes carried out by Google based on this consent (ads personalisation, speech recognition, etc.)”. Still GDPR says that the consent is ‘specific’ only if it is given distinctly for each purpose.
Google said it was “studying the decision” to determine its next steps, according to BBC.
The first complaint under the EU’s new General Data Protection Regulation (GDPR) against Google was filed on 25 May 2018, the day the legislation took effect. The noyb and La Quadrature du Net claimed Google did not have a valid legal basis to process user data for ad personalisation, as mandated by the GDPR.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now