You are here

Google fined 50m euros in EU data privacy breach

It is accused of not properly disclosing to users how data is collected across its services - including its search engine, Google Maps and YouTube - to present personalised ads

BT_20190123_YPGOOGLE_3675730.jpg
The penalty for Google is the largest to date under the European Union privacy law, known as the General Data Protection Regulation, which took effect in May.

London

AFTER European policymakers adopted a sweeping data privacy law last year, the big question was how regulators would use their newfound authority against the most powerful technology companies.

In the first major example, the French data protection authority announced Monday that it had fined Google 50 million euros (S$78 million) for not properly disclosing to users how data is collected across its services - including its search engine, Google Maps and YouTube - to present personalised advertisements.

The penalty is the largest to date under the European Union (EU) privacy law, known as the General Data Protection Regulation (GDPR), which took effect in May, and shows that regulators are following through on a pledge to use the rules to push back against Internet companies whose businesses depend on collecting data. Facebook is also a subject of several investigations by data protection authorities in Europe.

sentifi.com

Market voices on:

The ruling signals a new phase in enforcing the European law, which the region's lawmakers and privacy groups have cheered as a check against the growing power of technology companies, while for general consumers, it has led mostly to a frustrating increase in the number of consent boxes to click. The fine against Google is just the fourth penalty against any company since the law took effect.

Europe's experience is being closely watched by policymakers in the United States, who are considering a new federal privacy law. Tim Cook, Apple's chief executive officer, last week called for new rules that closely follow Europe's.

The ruling on Monday takes aim at Google's business model, which turns data on users into narrowly targeted ads.

A central element of Europe's new regulations is that companies must clearly explain how data is collected and used. France's data protection regulator said Google did not go far enough to get consent from users before processing data. Instead, it said, people are largely unaware of the data they are agreeing to share, or how Google plans to use the information.

Google defended its policies and said it was determining whether to appeal.

"People expect high standards of transparency and control from us," a Google spokesman said. "We're deeply committed to meeting those expectations and the consent requirements of the GDPR. We're studying the decision to determine our next steps." NYTIMES