France Fines Google $57M Under New Privacy Laws

Google Mountain View - Getty - H 2018
Justin Sullivan/Getty Images

It's the first penalty under Europe's wide-ranging General Data Protection Regulation (GDPR), which seeks to protect consumers with some of the toughest data privacy regulations worldwide.

Tech giant Google has been fined $57 million by French regulators, in the first case of an American tech company violating Europe's new privacy protection laws that went into effect in May 2018.

France's dedicated data protection office (CNIL) found the search engine did not provide clear information to consumers about how their data could be collected and stored and failed to ask for adequate consent from users on how that data would be used to deliver targeted advertising.

It's the first fine under Europe's wide-ranging General Data Protection Regulation (GDPR) which seeks to protect consumers with some of the toughest data privacy regulations worldwide. Under the regulations, companies must be clear about what data they collect as well as give users the chance to consent.

Google requires anyone signing up for an account to agree in full to its terms and conditions before they can access the service, which French regulators said was an unfair form of consent. Even though users can opt out at a later date, the default setting is to collect data for personalized ads. The regulators also said that users' personal information is “excessively disseminated,” meaning it's scattered across Google's many services, including YouTube.

“Despite the measures implemented by Google, the infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations,” the regulators said.

Google said it is examining the decision to determine what it will do next: “People expect high standards of transparency and control from us. We're deeply committed to meeting those expectations and the consent requirements of the GDPR.”