Search engine giant Google has been fined €50 million by CNIL. CNIL is France’s data protection regulator, their fine of Google in response to the digital company’s failure to comply with the GDPR.
Although a record fine and one of the first GDPR fines against a tech behemoth such as Google, the £44 million fine is by no means the largest fine they could have received under GDPR guidelines. Under the guidelines, Google could have faced a fine of 4% of their annual turnover, which, after making $33.74 billion alone in the last quarter of 2018, would easily dwarf the €50 million fine the company received. CNIL fined Google for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”.
The fine comes as a result of 2 complaints against Google made in May of 2018, one of which was made on the day that GDPR took effect, by French privacy right groups LQDN and noyb. Both groups’ complaints stated that Google did not have a legal basis for processing the data of their users for ad personalisation under GDPR, and CNIL said that, “users are not able to fully understand the extent of the processing operations carried out by Google.”
GDPR and Your Business
While this may be one of the first high profile fines or sanctions, Google are by no means the first business to be disciplined in this way for violating the General Data Protection Regulation. The majority of GDPR cases are estimated to be against smaller businesses that don’t operate on the global scale. 99% of businesses in the UK are small to medium enterprises, and they are just as responsible for protecting the personal data they hold as bigger brands.
Whatever size your business is, make sure you are on the path to GDPR compliance with secure IT Asset Disposal and by making yourself and your team aware of these 5 top data security issues and our 3 mains risks of improper IT disposal.