Jump to Navigation

The CNIL (the French data protection authority) fines Google

Google: finally a fine that meets the standards of the GDPR !

February 12, 2019

On 21 January, the CNIL (the French data protection authority) imposed on Google a $ 57 million fine for breach of the General Data Protection Regulation (GDPR).

Following off-site and on-site investigations, the following breaches were observed by the CNIL:

  • violation of the obligations of transparency (GDPR articles 12): essential information is excessively disseminated across several documents, with the requirement to click on too many buttons and links to access additional information;
  • violation of the obligations of transparency (GDPR articles 13 and 14): users are not able to fully understand the extent of the processing operations carried out by Google;
  • violation of the obligation to justify a legal basis for ads personalization processing (GDPR article 6): consent is not valid because the user is not sufficiently informed and the consent is neither "specific" nor "unambiguous".

Following the decision, the company did not specify whether or how it plans to change its consent practices, or if it would appeal against the ruling of the CNIL.

Facebook is currently subject to several other investigations by the data protection authorities across Europe.

We at LNA are regularly comparing notes on GDPR issues in our respective jurisdictions and we are familiar in dealing with transnational issues associated to data protection. 

Back to Top

LNA members are not affiliated in the joint practice of law; each member firm is an independent law firm and renders professional services on an individual and separate basis.