Google Faces French Fines, Facebook Awaiting Probable FTC Fines

Jan 25, 2019

Security and privacy issues aren't going anywhere in 2019. In fact, we're starting to see the first big consequences of the increased focus on data privacy. Earleir this week, news broke that Google will be the first subject of a major fine due to GDPR violations. At $57 million, the fine is sizable.

According to the Washington Post, “France’s top data-privacy agency, known as the CNIL, said Monday that Google failed to fully disclose to users how their personal information is collected and what happens to it. Google also did not properly obtain users’ consent for the purpose of showing them personalized ads, the watchdog agency said.”

Specifically, France's CNIL says is received two complaints. “In the two complaints, the associations reproach GOOGLE for not having a valid legal basis to process the personal data of the users of its services, particularly for ads personalization purposes.” Furthermore, the CNIL found that “Essential information, such as the data processing purposes, the data storage periods or the categories of personal data used for the ads personalization, are excessively disseminated across several documents, with buttons and links on which it is required to click to access complementary information. The relevant information is accessible after several steps only, implying sometimes up to 5 or 6 actions. For instance, this is the case when a user wants to have a complete information on his or her data collected for the personalization purposes or for the geo-tracking service.”

The violations don't end there. CNIL says that Google's atempts at complying with GDPR aren't good enough: “That does not mean that the GDPR is respected. Indeed, the user not only has to click on the button 'More options' to access the configuration, but the display of the ads personalization is moreover pre-ticked. However, as provided by the GDPR, consent is 'unambiguous' only with a clear affirmative action from the user (by ticking a non-pre-ticked box for instance).”

In the second quarter of 2018, Alphabet—Google's parent company—reported $32.7 billion in revenue. Will $57 million be a hefty enough fine for Google to take GDPR seriously, and make its business more transparent?

Meanwhile, back in the U.S., the Washington Post reported that FTC officials had met to talk about hitting Facebook with a “record-setting” fine. Specifically, the fines would be for “for violating a legally binding agreement with the government to protect the privacy of its users' personal data, according to three people familiar with the deliberations but not authorized to speak on the record.”

The exact amount of the fine is still unknown, but it's been speculated that it would top $22.5 million the FTC made Google pay in 2012. Though it's hard to say when the fines might actually be levied, as the FTC is one of the agencies impacted by the government shutdown.

Related Articles

Israeli cybersecurity firm provides advanced protection against malicious files.
France's Supervisory Authority (CNIL) has fined Google $56.8 millions Euros for what the data protection watchdog believes is a violation by the multinational tech company on EU's General Data Protection Regulation (GDPR).