A French company "CNIL" has fines €50 million against Google

author photo

Google GDPR Android onboarding, CNIL, a French data protect company has issued Google it's first GDPR fine, CNIL fines (€50 million worth $57 million) its  claim with Google for the General Protection Regulation (GDPR). The law against new Andriod user still setting up the Android on boarding process and unsatisfactory information and lack of valid consent for the personalization of advertisement. The fines was made January 21, 2019.

This is the first time that the CNIL has applied the new maximum penalties provided by the RGPD.
Google gmail login
Image: Shutterstock
On May 25 and 28, 2018, the National Commission for Informatics and Freedoms received collective complaints from the association None Of Your Business ("NOYB") and La Quadrature du Net ("LQDN"), was said that one of the complaints, criticized Google for not having a valid legal basis to process the personal data of the users of its services.

A breach of transparency and information "this is for example the case if a user wants to have complete information on the collection of its information for the personalization of advertisements, or for its geolocation.

Relevant information is accessible only after several steps, sometimes involving up to five or six actions

The CNIL also says that the users are not able to understand the extent of the treatments put in place by Google and how the data is being used.

Essential information, such as the purposes for which the data is processed, the length of time the data is stored, or the categories of data used to personalize the advertisement, are excessively scattered throughout several documents, which include buttons and links that it is necessary to activate to read additional information, the regulator write".

The regulator write about "failure to provide a legal basis for advertising personalization treatments that the Google relies on the consent of user to process their data for personalization, and it is said that the consent is not collected for some reason, because the user does not  know what there sign up for, in section of "customization ads" it is not possible to become aware of the plurality of services, sites, applications involved in these treatments (Google search, You tube, Google home, Google maps, Playstore, Google photo ...) and therefore the volume of data processed and combined."

Certainly, when creating an account, the user has the option to change some of the parameters associated with the account by clicking on the " more options  " button, present before the " Create an account  " button  . In particular, it is possible to set the display modes for personalized ads.

The RGPD is not respected. Indeed, not only the user must make the move to click on "  more options  " to access the setting, but in addition the display of personalized ads is pre-checked by default.

However, the consent is "univocal", as required by the RGPD, only if the user performs a positive act (tick an unchecked box for example).

Finally, before creating your account, the user is asked to tick the boxes "  I accept the terms of use of Google  " and "  I accept that my information is used as described above and detailed in the rules.

confidentiality To be able to create an account. Such a method leads the user to consent in block, for all the purposes pursued by GOOGLE on the basis of this agreement (customization of advertising, voice recognition, etc.). But consent is "specific", as required by the GDPR, only if it is given separately for each purpose, the regulator write.

A Google spokesperson sent this following statement to TechCrunch

“People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.”

The restricted formation fine Google a 50 million euros ($57 million) that is made public.