French data protection watchdog and data privacy agency, CNIL, has imposed nearly a $57 million fine against Google for violating GDPR privacy rules. This is the first time GDPR-related penalties have been imposed against a large U.S. technology company since GDPR was first made into law last year.
The General Data Protection Regulation or GDPR was enacted in May of 2018 and was meant to standardize data protection laws and strengthen data protection for individuals across the European Union (EU).
CNIL imposed the fine of 50 Million Euros (or $57 million) after receiving complaints from several privacy activists, who also filed similar complaints against Facebook last year.
According to CNIL, Google violated certain transparency rules as Google’s data processing operation and information was not clear or easily accessible for users.
“Essential information, such as the data processing purposes, the data storage periods or the categories of personal data used for the ads personalization, are excessively disseminated across several documents, with buttons and links on which it is required to click to access complementary information,” CNIL noted.
CNIL also added that users would have to take five or six steps to access relevant information, such as his/her data collected for the personalization purposes or for the geo-tracking service.
The French regulator also stated Google violated the obligation to properly obtain users’ consent for the purpose of showing users personalized ads.