The French data protection authority, the CNIL, announced it has fined Google $57 million "in accordance with the General Data Protection Regulation ... for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization." The CNIL said the "'one-stop-shop mechanism' was not applicable," allowing it, along with other DPAs, to be a competent authority. According to The Wall Street Journal, Ireland's Data Protection Commission said, "Google until now hasn't met its criteria for having an establishment in Ireland, because its U.S. entity was responsible for processing EU users' data, rather than its Irish unit." As of Tuesday, the DPC will "become Google's lead [DPA] in the EU for most matters." Brave's Johnny Ryan said the "CNIL's decision is very significant because it means that Google must stop building advertising profiles about people until it has properly told them what it is doing and received their consent." A Google spokesperson said the company is "studying the decision to determine our next steps."
If you want to comment on this post, you need to login.