Sign up to Newsletter

Statement on CNIL Google GDPR fine

News & Analysis
Post date
21st January 2019
Money image

We found this image here.

In order for GDPR to be effective at protecting people's data, it must be implemented and enforced. Therefore, we are pleased to see that CNIL has taken action and issued Google a fine of €50 million based on complaints by NOYB and La Quadrature Du Net in May 2018. Despite numerous statements by Google that it takes the protection of people's data seriously, the decision demonstrates that they have a long way to go and that regulators will take action to hold companies that fail to comply with GDPR to account. That the decision comes in response to complaints by NOYB and LQDN (representing 10,000 people) also demonstrates the importance of the role of civil society in raising these issues.

This fine should serve as a wake up call for all companies whose business models are based on data exploitation to take data protection and individuals data rights seriously.

One of the key points in CNIL's decision is the lack of transparency and valid consent for Ads personalisation. The exploitation of personal data in the Ad ecosystem, from Google to data brokers and AdTech companies is of serious concern to PI. The decision gives us confidence that our complaints against seven data broker and AdTech companies filed to CNIL, the Irish DPA and the UK ICO in November 2018, will prompt similar scrutiny and action against these lesser known companies which amass and exploit the personal data of millions of people. Whilst 50 million euro may not seem a lot to Google, it is just a single fine and regulators should continue to take action on other pending complaints (for example: consumer organisations around Europe recently filed complaints to multiple regulators against Google's location tracking).

The above statement is attributable to PI Legal Officer, Ailidh Callander

Learn more
Data Protection
Location
France
Europe
Target Profile
Google

Related Content

Advocacy
Photo by Mathias Reding on Unsplash

PI seeks to inform report on AI and racial discrimination of the UN Special Rapporteur on racism

Privacy International submitted its input to the UN Special Rapporteur on racism for their upcoming report which will examine and analyse the relationship between artificial intelligence (AI) and non-discrimination and racial equality, as well as other international human rights standards.

Continue reading
Advocacy
An Electric Control Cabinet Production Factory

PI response to ICO consultation on web scraping by generative AI

PI responded to the ICO consultation on the legality of web scraping by AI developers when producing generative AI models such as LLMs. Developers are known to scrape enormous amounts of data from the web in order to train their models on different types of human-generated content. But data collection by AI web-scrapers can be indiscriminate and the outputs of generative AI models can be unpredictable and potentially harmful.

Continue reading
Long Read
Image of human body with dots of data being extracted

Q&A: €40 million fine for AdTech giant Criteo - What does it mean?

Our 2018 complaint against French AdTech company Criteo led to a €40 million fine for failing to ensure that data subjects had provided their consent to processing, to sufficiently inform them and to enable them to exercise their rights.

Following on from our initial reaction, we answer some questions about the decision below.

Continue reading
Advocacy
A drawing showing a tall amazon building surrounded by businesses closing and out of business. The caption read "Big tech's data-fuelled power is a huge problem"

Submissions to the UK and EU competition authorities on the Amazon/iRobot merger

On 2 May and 5 June 2023, PI made a submission to the UK Competition and Markets Authority (CMA) and the European Commission, respectively, in relation to the proposed merger between Amazon and iRobot, outlining the concerns the transaction raises for consumers and markets.

Continue reading