Google has been fined 50 million euros (£44m) by the French data regulator CNIL, for a breach of the EU’s data protection rules.
CNIL said it had levied the record fine for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”.
The regulator said it judged that people were “not sufficiently informed” about how Google collected data to personalise advertising.
In a statement, Google said it was “studying the decision” to determine its next steps.
Complaints against Google were filed in May 2018 by two privacy rights groups: noyb and La Quadrature du Net (LQDN).
The first complaint under the EU’s new General Data Protection Regulation (GDPR) was filed on 25 May 2018, the day the legislation took effect.
The groups claimed Google did not have a valid legal basis to process user data for ad personalisation, as mandated by the GDPR.
Although Google’s European headquarters is in Ireland, it was decided among the authorities that the case would be handled by the French data regulator, since the Irish watchdog did not have “decision-making power” over its Android operating system and its services.
