[ad_1]
The CNIL regulator has imposed a record fine on Google for failing to provide transparent and easily accessible information on its data consent rules, according to a statement.
The CNIL's regulator has imposed a record fine on Google for failing to provide transparent and easily accessible information on its data consent policies, according to a statement.
The CNIL stated that Google made it too difficult to understand and manage users' preferences for the use of their personal information, particularly with regard to targeted advertising.
"People expect a high level of transparency and control from us, and we are fully committed to meeting those expectations and consent requirements of the GDPR with respect to consent," a Google spokeswoman said in a statement.
Photo: AFP
"We are studying the decision to determine our next steps."
This decision follows complaints filed by two rights groups last May, shortly after the GDPR's landmark directive came into effect.
One was filed on behalf of some 10,000 signatories by the French group Quadrature du Net, the other by None Of Your Business, created by the Austrian activist for the protection of privacy Max Schrems.
Schrems has accused Google of obtaining "forced consent" through the use of online contextual dialogs or its applications, which implies that its services will only be available if users accept the terms and conditions. # 39; use.
"In addition, the information provided is not clear enough for the user to understand that the legal basis of the targeted advertising is the consent, not the legitimate business interests of Google," said the CNIL.
"The amount decided and the publicity of the fine are justified by the seriousness of the infringements found concerning the essential principles of the General Data Protection Regulation (GDPR): transparency, information and consent."
"In addition, the violations constitute ongoing violations of the settlement as they are still observed to this day.This is not a single, time-limited offense."
Special responsibility
GDPR is widely regarded as the biggest reworking of data privacy regulation since the advent of the Web.
Even companies that are not based in Europe must comply with the new strict rules if they want their sites and services to be available to European users.
The CNIL found that despite the changes made by Google since last year, it still did not respect the spirit of the new rules.
For example, he noted that the length of time a person's data is kept and how it is used is spread across multiple web pages.
Photo: AFP
Changing a user's data preferences also requires clicking on a series of pages such as "More Options." Often, the choice of accepting Google's terms of use is pre-ticked.
"This type of procedure leads the user to give his overall consent (…) but the consent is not" specific ", as required by the GDPR," the regulator said.
The record fine of 50 million euros testifies to the seriousness of the failings and the dominance of Google on the French market via Android.
"Every day, thousands of French users create a Google account on their smartphone," said the CNIL.
"As a result, the company has a special responsibility when it comes to meeting its obligations in this area," he said.
This is not the first time that the regulator is attacking Google's policies.
In 2014, the company was fined 150,000 euros – the maximum possible at the time – for failing to abide by its confidentiality rules for personal data.
And in 2016, he imposed a fine of 100,000 euros for non-compliance with the EU's "right to be forgotten" rule, allowing users to request that references to them be removed from the results of the EU. research.
Goole challenged this decision, saying that it should only apply to its European sites, such as Google.com, and not to the global Google.com domain.
Earlier this month, the Advocate General of the Court of Justice of the European Communities in Luxembourg sided with Google in the case, although a final decision n & # 39; Has not been announced yet.
[ad_2]
Source link
