Google penalised €50m for GDPR breach

The first major financial penalty of €50m (£44m) has been imposed on Google LLC (EU HQ in Ireland) by CNIL, the French data regulator.

24 January 2019

Google’s €50m penalty

The first major financial penalty of €50m (£44m) has been imposed on Google LLC (EU HQ in Ireland) by CNIL, the French data regulator.

CNIL found that Google failed to provide users with adequate transparency information and secure valid user consent. Users could not easily access information about Google’s processing activities and detail regarding retention periods was lacking. It followed that the ‘consent’ relied upon was not informed.

Google informed users that their data was processed for ad personalisation, but this information did not encompass the plurality of websites, systems and apps involved in the processing (Google search, You Tube, Google Home, Google Maps, Playstore, Google Pictures). CNIL confirmed that Google’s description was too generic and vague in manner; a ‘one size all’ approach is not suitable for multiple uses.

What does this mean for you?

You must be transparent about how personal data is used. If you use cookies to track customers on your website or social media site, ensure you have specific and informed consent. Be clear about all your processing activities in one location - your accessible, up-to-date privacy notice. Review your policies regularly and update as necessary.

If you need help to ensure you are GDPR compliant, please do get in touch.

Contact

Contact

Hannah Dimech

Head of Marketing

onlineteaminbox@brownejacobson.com

+44 (0)370 270 6000

View profile
Can we help you? Contact Hannah

Related expertise

You may be interested in...