PARIS—France has imposed a $57 million fine against Google for violations of the EU's General Data Protection Regulation, sending a strong to message to the technology giant that its privacy and data collection practices are inadequate.
The penalty, levied by the country's National Data Protection Commission (CNIL) is the largest fine handed out so far under GDPR, which is intended to better protect Europeans' personal data, said BankInfoSecurity.
"The amount decided and the publicity of the fine are justified by the severity of the infringements observed regarding the essential principles of GDPR: transparency, information and consent," CNIL said.
CNIL cautions that Google – including its advertising personalization model – does not currently comply with GDPR, and must come into compliance as quickly as possible. "The violations are continuous breaches of the regulation as they are still observed to date," CNIL said in its penalty notice. "It is not a one-off, time-limited infringement."
Google officials in Sydney said the company was studying CNIL's decision and that it is "deeply committed to meeting those expectations and the consent requirements of the GDPR," BankInfoSecurity reported.
EU data protection authorities can impose fines of up to $23 million, or 4% of an organization's annual global revenue – whichever is greater – on any organization found to have violated GDPR. Regulators can also revoke an organization's ability to process individuals' personal data, BankInfoSecurity said.