Google Fine Signals Closer Scrutiny of Data Privacy

Wright Studio/Shutterstock

Google got whacked again this week by European regulators for failing to comply with provisions of the EU’s General Data Protection Regulation covering data collection used for targeted advertising.

The French data regulator CNIL fined the search giant a record $56.8 million (€50 million) for failing to sufficiently inform consumers about collecting data used in online ads, citing a “lack of transparency, inadequate information and lack of valid consent to personalize advertising.”

Google (NASDAQ: GOOGL) said it was studying the decision.

GDPR rules that took effect last May state that “national authorities” can assess fines for “specific data protection violations.” The complaints by two privacy rights groups against Google were filed last May on the same day GDPR rules entered into force. According to a BBC report, the groups asserted that Google lacked a legal basis for processing user data applied to targeted ads.

Under GDPR consent rules, users must expressly consent before companies may process personal data.

Google has previously been a target of European regulators seeking to rein in the search giant and other U.S. companies operating there. Last summer, for example, EU regulators hit Google with a record $5.1 billion antitrust fine related to its smartphone operations.

Vendors focused on data privacy said this week’s fine puts U.S. tech companies on notice that they must strictly comply with GDPR rules regard the processing of private data.

“Clearly U.S. businesses are not immune to privacy regulation in Europe,” said Greg Sparrow, senior vice president at CompliancePoint, a data privacy and security vendor. “If there was any doubt, look to Google’s fine [this week] under GDPR.”

Added Sparrow: “Make no mistake, European regulators are sending a message to Silicon Valley: Fully comply with European privacy regulation or face the ire of regulators.”

Data analytics vendor Talend (NASDAQ: TLND) reported a paltry 17 percent compliance rate for GDPR among tech companies. It noted that GDPR complaints are pending against Amazon, Apple, Netflix and YouTube.

“The world has been on tenterhooks waiting for the first major fine to be enforced for a breach of the GDPR – and this week they got what they were waiting for,” said Jean-Michel Franco, Talend’s data governance chief.

Franco noted a “huge spike” in consumer complaints to EU data privacy regulators.

“Businesses must do more to regain the trust of their data subjects and be aware that they risk very significant fines and further reputational damage in the event of non-compliance—both of which could prove potentially fatal to businesses,” Franco added.

The French regulatory action comes one week before Data Privacy Day on Jan. 28. “Trust—with  data  privacy  as an element of trust—will be a defining quality of companies that survive in the future of digital business,” said Patrick McGrath, product management director at Commvault.

Recent items:

So Far, GDPR Compliance is Uneven

The Enlightening Side of GDPR Compliance