The French data protection authority (CNIL) has announced that it has imposed a record fine of € 50 million on Google for violating the GDPR today.
On the basis of the inspections carried out, the CNIL’s committee responsible for examining breaches of the Data Protection Act observed two types of breaches of the GDPR:
1. A violation of the obligations of transparency and information:
2. A violation of the obligation to have a legal basis for ads personalisation processing:
The penalty is based on two complaints based on ‘forced consent’ that were filed on May 25, 2018 (More Information on the original complaints)
The fine is the highest so far, and it is the first time that the CNIL applies the new sanction limits provided by the GDPR. According to the Press release, “the amount decided, and the publicity of the fine, are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent.”
On Jan 22, 2019, Google has moved its European operations to Ireland and is will be regulated by the Irish Data ProtectionCommissioner as the ‘lead authority’.