What Happened: French data regulator CNIL has fined Google 50 million euros ($57 million) after finding that it violated the European Union's General Data Protection Regulation (GDPR), BBC reported Jan. 21. CNIL specifically cited Google's "lack of transparency, inadequate information and lack of valid consent regarding ads personalisation" in imposing the penalty.
Why It Matters: This is the largest fine to be levied under the GDPR since it took effect in May 2018. Largely, global tech companies have been slow to update operations to meet the new security laws. While Google is well-equipped to handle such large fines and is likely to appeal the penalty, the question remains whether regulators will begin issuing similar fines to smaller companies.
Background: In May 2018, the European Union began enforcing GDPR laws to protect its citizens' information online, especially as more sectors integrate artificial intelligence into data collection. The regulation gives bloc members the legal tools to punish companies that mishandle information, including the delivery of unwanted solicitations and failure to protect sensitive information from cyberattacks. As part of its larger crackdown on U.S. tech firms, the European Union also hit Google's parent company, Alphabet Inc., with a 4 billion euro ($5 billion) antitrust fine in June 2018 for the company's policies on its Android operating system.
- Data Privacy and AI Ethics Stepped to the Fore in 2018 (Jan. 2, 2019)
- Fines and Lawsuits Are Adding to the Cost of Corporate Data Breaches (Nov. 13, 2018)
- What the GDPR Means for Companies in Europe and Beyond (May 25, 2018)