Google handed record €50m fine for GDPR breaches

Google was handed a record €50m fine by French data regulator CNIL on Monday for breaching the EU's new general data protection regulation (GDPR).

The regulator said the fine was due to a "lack of transparency, inadequate information and lack of valid consent regarding ads personalisation" and judged that people were "not sufficiently informed" about how the company had collected data to personalise advertising.

CNIL said that the information users and customers needed to make informed choices and understand how their data would be used to generate personalised ads is hidden in complex agreements and was "diluted in several documents and does not enable the user to be aware of their extent".

Under GDPR rules, data consent policy information must be easily accessible and simple for users or customers to understand.

Furthermore, the option to sign up for personalised ads was 'pre-ticked' by default in user agreements, breaching regulations that state consent must be "specific" and given "in full" by the user.

A statement from Google said: "People expect high standards of transparency and control from us. We're deeply committed to meeting those expectations and the consent requirements of the GDPR."

The statement added that the company was "studying the decision" to determine its next steps.

Complaints against the tech giant were filed in May by privacy rights groups None of Your Business (Noyb) and La Quadrature du Net (LQDN), including one on the day GDPR legislation took effect.

On Monday, Noyb also accused online giants Amazon, Apple, Netflix and Spotify of breaching GDPR regulations, stating that the companies did not allow customer to quickly access easy to understand copies of their own customer data.

Google's shares were up 0.77% at $1098.26 at 1656 GMT.