The CNIL (France’s National Commission for Information Technology and Civil Liberties) has given out a fine of €50 million to Google. This isn’t the first data regulation based fine that Google has received from the CNIL but it is the first under GDPR.
Last May, numerous non-profit organizations made the complaints that lead to the fine. GDPR sends complaints such as these to local data protection, in this case the CNIL.
CNIL Findings
The CNIL found that Google was not being compliant with GDPR when it came to transparency and consent on Android devices.
“Essential information, such as the data processing purposes, the data storage periods or the categories of personal data used for the ads personalization, are excessively disseminated across several documents, with buttons and links on which it is required to click to access complementary information,”
CNIL
In translation, this means the CNIL found much of Google’s data process in the Phone’s onboarding purposely convoluted.
For example, to learn how Google
“Second, Google’s consent flow doesn’t comply with the GDPR according to the CNIL. By default, Google really pushes you to sign in or sign up to a Google account. The company tells you that your experience will be worse if you don’t have a Google account. According to the CNIL, Google should separate the action of creating an account from the action of setting up a device — consent bundling is illegal under the GDPR.”
Tech Crunch
If one does choose to sign up for an account there are a series of options they can choose. One of these is accepting targeted ads. However, nowhere does the set up explain that by ticking yes, they will receive ads on devices outside of their Android device. Additionally, the investigation found that if a user was looking to opt out of personalized ads they would need to to go to “more options” in order to find it.
Regulators are content with the CNIL’s decision. NOYB (None of Your Business), one of the nonprofits who originally complained about this practice, is happy to see that their work to “protect fundamental rights is bearing fruit”.
Google made a statement following the news:
“People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.”
What You Can Do
As the data practices and regulation continue to develop you should be aware of what it means for the Digital You.
By signing up for ScoresMatter you can learn more about how your data is viewed by others. We also provide blog posts that can educate you on the latest events happening in data and how you can stay up-to-date.
Tap into the Digital You at ScoresMatter.