
GDPR fine of €50 million

Do you remember the year that passed in the spirit of the dreaded GDPR (General Data Protection Regulation), which haunted us perhaps most of all with its penalties for non-compliance: 4% of a company’s total turnover or 20 million euros, whichever is higher? The relevant supervisory authorities do work, and we have already encountered them with our clients in Slovakia. But let us go back in time a little.
Did you know that?
The French Data Protection Supervisory Authority (“CNIL”) has issued its first major sanction under the EU’s new data protection regime (“GDPR”).
The French CNIL has fined Google €50 million (nearly $57 million) for failing to comply with its obligations under the European Union’s GDPR rules.
According to the statement, the CNIL concluded that Google’s violation of the EU GDPR was related to “lack of transparency, lack of information and insufficient valid consent regarding the personalisation of ads”.
Following “online inspections” of how Google handles user data when configuring new Android smartphones, the privacy regulator found that Google’s non-compliance with GDPR rules took 2 forms:
- The company does not provide users with transparent and complete information about how it processes their data. “Basic details such as the purposes of data processing, the data retention period or the categories of personal data used to personalise ads are overly expanded in several documents,” the CNIL said. Moreover, “the purpose of the processing is described in an overly general and unclear manner”.
- The CNIL stated that the user’s consent to the processing of their data for the personalisation of advertisements is not validly obtained. Apart from the relevant information being diluted across several documents, the consent Google collects is neither unambiguous nor specific. Clear confirmation from the user is required for consent to be valid. At the same time, consent is specific only if a purpose is given.
The CNIL further argues that this is not a one-off or time-limited breach of the GDPR, as breaches of the rules are still occurring.
EU national authorities have already issued several fines under the GDPR since the regulation came into force on 25 May 2018, including to a Portuguese hospital in October and a German social network a month later. However, the fine imposed on Google is by far the largest. The law sets fines for criminal offences of up to 4% of a company’s annual worldwide turnover.
If you’ve waved your hand at GDPR so far, it might be time to think again.