$57 million fine on Google under French GDPR
The CNIL is the French data protection watchdogs. Now they have issued their very first GDPR fine on Google of $57 million(€50 million). The CNIL claims that Google has failed to follow the General Data Protection Regulation (GDPR).
What are the accusations from the CNIL
According to the CNIL Google made it too difficult for the users to understand and manage preferences on how their personal information on its data consent policies.
First of all essential information, such as data processing and purposes, the data storage periods and personal data used in advertisement etc. are not clearly stated by Google.
Secondly, according to the CNIL Google’s consent doesn’t comply with the GDPR. By default, Google pushes Android users to sign in or sign up for Google account. Google threatens users by telling them that not signing in to a Google account will make the experience worse. According to the CNIL Google should separate the Google account creation and android device setup processes. According to the GDPR bundling is illegal. So technically Google’s current process of setting up a device is illegal according to the GDPR.
If a user chooses to link their Gmail account to his/her Android device Google asks the user to tick and untick some preferences without mentioning the consequences. For instance, when Google asks a user if he/she wants personalized ads, the company doesn’t tell the user that it is not just about the ads in the Android phone, it’s also about the Google-driven sites like YouTube.
In addition to that, Google doesn’t ask for specific and unambiguous consent when you create an account — the option to opt out of personalized ads is hidden behind a “More options” link. That option is pre-ticked by default. According to the GDPR, it shouldn’t be pre-ticked.
A Google spokesperson said that users expect a lot of transparency and control from Google. That’s why Google is trying hard to meet those expectations and also meet the GDPR criteria.