France’s data protection authority (DPA) (CNIL) recently announced that it has fined Google $57 million for violations of the General Data Protection Regulation (GDPR). This is the first fine by a European DPA of an American company for alleged violations of the sweeping EU privacy law.
According to the CNIL, Google did not tell consumers about how their data could be collected and stored, and did not obtain adequate consent from consumers for targeted advertising to them.
CNIL found that requiring all users signing up for an account to agree to the terms and conditions before they access Google’s services was unfair. The CNIL also found that users’ personal information was “excessively disseminated” across Google’s services.