On Monday, January 21, the CNIL condemned the US giant Google to 50 million fine for violating the rights of users to the exploitation of their personal data, set by the new regulations in force in the European Union (RGPD).
The National Commission for Informatics and Liberties (CNIL), the French police officer for personal data, has condemned the US giant Google to a fine of 50 million euros on Monday, January 21, because it is not sufficiently clear to its users about the exploitation of their personal data.
On the site of the Cnil, the decision accuses the American giant of his "Lack of transparency", "Insufficient information" and "The lack of valid permission to personalize advertising". The fine represents 0.05% of the annual turnover of the Californian company.
🔴 The CNIL financially finances GOOGLE → https://t.co/QmAEwAjbOC pic.twitter.com/Ymhd7biMQa
– CNIL (@CNIL) January 21, 2019
The CNIL thus becomes the first European regulatory authority to penalize a large global Internet platform using the provisions of the new European Regulation on the protection of personal data (RGPD), which entered into force on 25 May 2018.
Data protection: what are your new rights?
The new text makes it possible to impose sanctions of up to 4% of the worldwide turnover for breach of the data protection obligations of European citizens.
In accordance with the RGPD, the CNIL had to check with its European counterparties whether it was competent to deal with the complaint before it started its investigation. If the company concerned has a headquarters in a country of the Union, it is up to the authority of that country to carry out the investigation. Exchanges with the other authorities, in particular the Irish Protection Authority, where the European headquarters of Google is located, have not shown that the company had a headquarters in the Union.
"Information is not accessible enough"
For his research, Cnil has completed the journey that a new user of an Android smartphone (the smartphone operating system of Google) must make to create a Google account and use his device.
"We do not deny that Google informs" the user who opens an account for the exploitation of his data, explained to AFP Mathias Moulin, the director of the protection of rights and sanctions against Cnil. "But the information is not easily accessible, it is distributed in different documents" that the user never takes the time to consult, he said.
"Our goal is not to improve Facebook, but to get in the way of it"
"It can take up to five clicks to access information", he added and said that Google ultimately did not offer any information "Clear and understandable".
A collective complaint filed by two associations
The complaint examined by the CNIL was filed by two interest groups, the Quadrature du Net (France), commissioned by nearly 10,000 people, and None Of Your Business (NOYB), founded by the Austrian activist protection Max Schrems data, 25 and 28 May 2018.
If Google wants to object to this sanction, it will have to go to the Council of State.
The Cross (with AFP)