France’s data protection regulator, CNIL, has issued a €50 million fine (about $56.8 million USD) fine to Google for failing to comply with GDPR. The fine marks the first time a major tech company has been penalized under the new privacy law.
The General Data Protection Regulation, GDPR, went into effect in the EU last May. The regulation set forth universal data privacy laws across the European Union and created projections for user’s online data.
As part of the regulation, companies are required to get a user’s “genuine consent” before collecting information about them That consent needs to happen in the form of that user explicitly opting in to share their data. They also need to provide a way for users to delete that data.
CNIL issued the fine because Google did not meet the country’s standards for providing information to consumers about how their data is being used, nor did it provide enough information about its data consent policies.
While that $56 million might seem like a huge fine, it’s not as high as GDPR fines can get. Companies can be fined a maximum of 4% of their annual global turnover. For companies like Google, that could easily wind up being billions of dollars.