Tech giants Amazon, Apple, Google, Netflix and Spotify have all been accused of not complying with GDPR, Europe’s data privacy regulations, and could face hefty fines for continuous violations. Things have now escalated, as Google has to pay a fine of 50 million euros for an ongoing violation after French data regulator CNIL accused the company of “lack of transparency, inadequate information and lack of valid consent regarding ads personalization,” writes the BBC.
“The user gives his or her consent in full, for all the processing operations purposes carried out by Google based on this consent (ads personalization, speech recognition etc.),” CNIL said. “However, the GDPR provides that the consent is ‘specific’ only if it is given distinctly for each purpose.”
The regulator says Google’s consent policies are neither transparent enough nor “easily accessible,” which kept users in the dark about how their personal data was used in personalizing ads and other services. Also, the information was “disseminated across several documents” making it difficult for users to review.
“The relevant information is accessible after several steps only, implying sometimes up to five or six actions,” the regulator said. “Users are not able to fully understand the extent of the processing operations carried out by Google.”
CNIL acted upon complaints filed in May by privacy advocates noyb and La Quadrature du Net (LQDN) as soon as legislation went into effect.
“People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR,” a Google spokesperson said in a statement to a local publication. “We’re studying the decision to determine our next steps.”