Google Is First Company to Violate GDPR, Fined $56.8 Million

There was much discussion surrounding the new privacy rules, the General Data Protection Regulation (GDPR), governing Europe that were enacted last year. The first company to be fined under the new rules is the behemoth Google. Privacy regulators in France fined them $56.8 million for using the private data of users, without proper consent, to create personalized ads, and by adding privacy disclosures deep within text.

Google’s GDPR Punishment

CNIL, France’s privacy watchdog, reported in a statement that Google was fined for needlessly obscuring information regarding how it processed user data. This goes again the new privacy rules’ demand that information should be more easily accessible.

Essential information with regards to how user data is processed, stored, and used was “excessively disseminated across several documents,” according to the statement. Google’s information, including how they gather personal information to help determine user location, sometimes required up to five or six steps to reach it.

The statement added that some of the information “is not always clear nor comprehensive.”

Google maintains that they get a user’s consent before using their data to personalize ads, but the French commission found that the company’s process for informing users as to what they’re consenting to was inadequate.

Users of Google are “not sufficiently informed,” read the statement, and Google’s language was found to be “vague” and its violations to be “continuous.”


“The processing operations are particularly massive and intrusive because of the number of services offered (about twenty) and the amount and the nature of the data processed and combined.” Additionally, it was noted that the “information about the retention period is not provided for some data.”

It was reported that CNIL’s judgement came after complaints filed by two advocacy groups in May.

“We have found that large corporations such as Google simply ‘interpret the law differently’ and have often only superficially adapted their products,” said Austrian privacy activist Max Schrems.

“It is important that the authorities make it clear that simply claiming to be compliant is not enough.”


In response, Google said it was “studying the decision” in order to determine its next steps. ‘People expect high standards of transparency and control from us,” they continued, while adding that they remain “deeply committed to meeting those expectations and the consent requirements of the GDPR.”

What do you think of Google’s fine for violating the GDPR? Do you feel it was just or unreasonably targeted? Leave your thoughts regarding Google violating the GDPR and their punishment in the comments below.

Laura Tucker Laura Tucker

Laura has spent nearly 20 years writing news, reviews, and op-eds, with more than 10 of those years as an editor as well. She has exclusively used Apple products for the past three decades. In addition to writing and editing at MTE, she also runs the site's sponsored review program.

One comment

  1. All these tech companies are quick to say “we abide by the laws of a country” in the name of profits. We literally have a company whose mantra is “privacy” giving a foreign (repressive) government complete access to it’s datacenters (ie, every single user’s contacts, gps, phone calls, pictures… all of it).

    When a law gets in the way of profits, the “we abide by…” no longer seems that important. I don’t think this fine will effect Google much but it’s a start. I recently learned that France is also one of the (very) few countries that have laws against Planned Obsolescence – something that many companies are building their business models around (locked down devices, lack of updates, non-removable batteries, remote sabotaging of batteries, etc).

    Hopefully we’ll see more traction is regard to actions aimed at protecting the consumer.

Comments are closed.