Google fined $57 million under new European data privacy law
The fine is the biggest imposed under the General Data Protection Regulation.
Steven Musil, Night Editor / News
Google has been fined 50 million euros (about $57 million) by a French regulator for not properly disclosing to users how their data is collected and used for targeted advertising.
The penalty is the biggest yet imposed under a new European law that went into effect in 2018. The European Union's General Data Protection Regulation gives Europeans more control over their information and how companies use it.
France's National Data Protection Commission said on Monday that it imposed the fine after determining Google hadn't met its obligation for transparency by making information about its data collection easily accessible to users. The commission found that Google didn't present information about data-processing purposes and data-storage periods in the same place, sometimes requiring users to make five or six clicks to obtain the information.
The commission also found that Google hadn't presented the information in a clear and comprehensive manner, saying the company's descriptions are "too generic and vague." Google also didn't obtain valid user consent for personalized ads because of insufficient information, the commission said.
"People expect high standards of transparency and control from us," a Google spokesman said. "We're deeply committed to meeting those expectations and the consent requirements of the GDPR. We're studying the decision to determine our next steps."
The GDPR, which went into effect in May, introduced tougher rules on processing and storing personal data and requires companies to seek explicit consent before using personal data. Companies must be able to provide their users with a copy of their personal data and are required to report data breaches within 72 hours.
Originally published at 9:16 a.m. PT
Updated at 9:15 p.m. with Google statement.