Google has fallen foul of the French data regulators with the announcement yesterday of an impressive £44m fine against the global search engine giant. In a move that has sent the tech industry chattering, this marks the first major European penalty since the rollout of GDPR on 27th May 2018. It was going to happen sooner or later, it was just a matter of who first?
Google’s blunder was their covert process of gathering data to personalise ads without ‘sufficiently’ informing user, burying the detail in terms and conditions and using pre-ticked boxes (contrary to new legislation).
CNIL, the French equivalent of the UK’s Information Commissioner’s Office filed two complaints as soon as GDPR came into effect.
Commenting on the severity of the fine, CNIL advised that the action was “justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent”.
The penalty is the largest to date under the European Union privacy law, known as the General Data Protection Regulation, which took effect in May, and shows that regulators are following through on a pledge to use the rules to push back against internet companies whose businesses depend on collecting data.
The fine announced on Monday is far lower than the maximum penalty under the European privacy law, which is 4% of global revenue. For Google, that would be more than $4 billion!
The response has been largely welcomed in the wider MSP community as a prompt to improve better marketing processes, echoed by Amicus ITS. Like many others today, Amicus ITS uses Account Based Marketing, so the lawful consent required is applied directly with the customer.
The news is a salutary reminder for vigilance with firms to ensure they comply with GDPR and offer flexibility in providing services through different marketing channels that create the variety and correct routes for data capture through websites and other means (which these days is translated as the increase in companies offering AI chatbots when communicating services or offering information with 3rd parties).
Are you surprised by the fine? Who do you think is going to be next up for punishment? Give us your thoughts.