On January 21, 2019, France’s National Data Protection Commission (CNIL) announced that Google is being fined a total of €50 million for failing to comply with certain rules set in place by the General Data Protection Regulation (GDPR), which officially went into effect in May 2018.
As for why the fine was issued, CNIL says that Google doesn’t make it clear enough what data it collects from users and fails to give people enough control over how Google uses their data.
Indeed, the general structure of the information chosen by the company does not enable to comply with the Regulation. Essential information, such as the data processing purposes, the data storage periods or the categories of personal data used for the ads personalization, are excessively disseminated across several documents, with buttons and links on which it is required to click to access complementary information.
Users are not able to fully understand the extent of the processing operations carried out by GOOGLE. But the processing operations are particularly massive and intrusive because of the number of services offered (about twenty), the amount and the nature of the data processed and combined. The restricted committee observes in particular that the purposes of processing are described in a too generic and vague manner, and so are the categories of data processed for these various purposes.