TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Daily Dashboard | CNIL levies $57M fine on Google for GDPR violations Related reading: The latest on potential FISA Section 702 reauthorization




The French data protection authority, the CNIL, announced it has fined Google $57 million "in accordance with the General Data Protection Regulation ... for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization." The CNIL said the "'one-stop-shop mechanism' was not applicable," allowing it, along with other DPAs, to be a competent authority. According to The Wall Street Journal, Ireland's Data Protection Commission said, "Google until now hasn't met its criteria for having an establishment in Ireland, because its U.S. entity was responsible for processing EU users' data, rather than its Irish unit." As of Tuesday, the DPC will "become Google's lead [DPA] in the EU for most matters." Brave's Johnny Ryan said the "CNIL's decision is very significant because it means that Google must stop building advertising profiles about people until it has properly told them what it is doing and received their consent." A Google spokesperson said the company is "studying the decision to determine our next steps."
Full Story


If you want to comment on this post, you need to login.

  • comment John Kropf • Jan 22, 2019
    Interesting treatment of "one-stop-shop" by the CNIL.  CNIL asserting it's authority where it determines the Irish DPA (where Google has its main establishment) does not have authority to act.
    Also, looking for some guidance on how fine was determined but only a general statement.
  • comment Dominic Newton • Jan 23, 2019
    Obvious question is, given Google's size, whether even this level of fine is big enough to prompt a change in behaviour...