The Commission Nationale de l’Informatique et des Libertés (CNIL), a French agency for data protection regulations, has issued the first major GDPR fine since regulations took effect last year. CNIL imposed the $57 million fine on Google for practices related to the Android operating system – saying that the company failed to unambiguously communicate to users about what data was being collected, why it was being processed, and how long it would be stored.
In a recent statement, Google plans to appeal the fine:
“We’ve worked hard to create a GDPR consent process for personalised ads that is as transparent and straightforward as possible, based on regulatory guidance and user experience testing…We’re also concerned about the impact of this ruling on publishers, original content creators and tech companies in Europe and beyond. For all these reasons, we’ve now decided to appeal.”
Regulators can fine companies up to 4% of annual global revenue for GDPR violations. Previous GDPR fines have ranged from $6,000 to $23,000. Of the $57 million fine, CNIL says that the high amount is “justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information, and consent.”
This move by CNIL exhibits how central the issue of data privacy has become to the tech industry. Regulators and users alike are demanding more transparent data practices from companies, and this won’t be the last major fine imposed on a tech giant for GDPR violations.