Google fined for GDPR breaches in France

The company has been fined for "lack of transparency, inadequate information and lack of valid consent regarding ad personalisation," the regulator said in a statement.

Two privacy rights organisations, None of Your Business (NOYB) and La Quadrature du Net (LQDN), issued complaints against Google in May 2018, following the introduction of GDPR.

The groups claimed that the company did not have a valid legal basis to process the personal data of its users, particularly for the purpose of customising advertising, as stipulated by the data regulation.

CNIL said users were "not sufficiently informed" about Google’s data consent policies and that consent was "not validly obtained".

When consent was collected, the regulator ruled that it was neither "specific" nor "unambiguous" according to the standards set by GDPR.

The fine is the biggest issued by a European regulator under GDPR. CNIL said the figure was "justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent".