Yesterday's media reports turned out to be partially true, and Google indeed was fined for breaching GDPR. We now know that the French data protection watchdog CNIL has fined Google $50 million (£44m), the largest GDPR fine to date.
What's different is what the fine was for. Originally, it was reported that Google was being fined for the way it handles AdSense. The media said Google was using its dominance in the search engine market to make it hard for other companies to compete with AdSense.
However, the official ruling says Google violated GDPR in two ways: it wasn't transparent enough about creating a Google account through an Android device, and it has “massive and intrusive” data processing practices.
When users request information Google has on them, that information gets “spread across multiple pages”, making it “not easily accessible for users”.
"For instance, this is the case when a user wants to have a complete information on his or her data collected for the personalisation purposes or for the geo-tracking service."
When it comes to data processing, CNIL says the purposes of the processing were too vague and generic, meaning users weren’t able to fully understand them.
Finally, the consent Google gathers for ads personalisation is not valid.
"The information on processing operations for the ads personalization is diluted in several documents and does not enable the user to be aware of their extent," the CNIL said.
The full conclusion can be found at this link.