How to buy iPhone 13 now Emmys 2021: How to watch iOS 15's best features FDA panel rejects Pfizer booster plan for general public SpaceX Inspiration4 mission

Google fined $57 million under new European data privacy law

The fine is the biggest imposed under the General Data Protection Regulation.


Google has been fined $57 million by a French regulator for not presenting transparent information about its data-gathering practices.

Claudia Cruz/CNET

Google has been fined 50 million euros (about $57 million) by a French regulator for not properly disclosing to users how their data is collected and used for targeted advertising.

The penalty is the biggest yet imposed under a new European privacy law that went into effect in 2018. The European Union's General Data Protection Regulation gives Europeans more control over their information and how companies use it.

France's National Data Protection Commission said on Monday that it imposed the fine after determining Google hadn't met its obligation for transparency by making information about its data collection easily accessible to users. The commission found that Google didn't present information about data-processing purposes and data-storage periods in the same place, sometimes requiring users to make five or six clicks to obtain the information.

The commission also found that Google hadn't presented the information in a clear and comprehensive manner, saying the company's descriptions are "too generic and vague." Google also didn't obtain valid user consent for personalized ads because of insufficient information, the commission said.

"People expect high standards of transparency and control from us," a Google spokesman said. "We're deeply committed to meeting those expectations and the consent requirements of the GDPR.  We're studying the decision to determine our next steps."

The GDPR, which went into effect in May, introduced tougher rules on processing and storing personal data and requires companies to seek explicit consent before using personal data. Companies must be able to provide their users with a copy of their personal data and are required to report data breaches within 72 hours.

Now playing: Watch this: GDPR: Here's what you need to know

Originally published at 9:16 a.m. PT
Updated at 9:15 p.m. with Google statement.