Recently, the DPA (Data Protection Authority) of French discovered a lack of transparency on how Google harvests and utilizes personal data for ad-targeting reasons. CNIL i.e. France’s National Data Protection Commission fined Google $57 million for breaching the GDPR i.e. General Data Protection Regulation. It is the biggest fine under EU’s new data privacy law. The investigation team found Google guilty and declared that it is lacking in transparency in handling, as well as collecting user data of serving up personalized ads.
In its recent statement CNIL said, “Despite the measures implemented by Google, the infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations.” The controller even jotted down the scope of the violations’ effect.
Adding further, it said “The violations are continuous breaches of the Regulation as they are still observed to date. It is not a one-off, time-limited, infringement…”
Under the GDPR protocol, permission must be attained prior to the collection of any, such as targeted advertising. It implies information obtained through websites, social media, advertising, account registrations, and marketing efforts, data brokerages, public sources of information, newsletters and list rentals, etc.
This greatly modifies the manner an American organization like as Google’s subsidiary DoubleClick, targets and profiles ads to the internet users in the European Union. The French regular checked that information with Google that how the data is being gathered, accumulated and utilized across 20 dissimilar Google services is comparatively covered. Google, as per the CNIL, breaks up the information all around the documents so that the complete level of the data of Google processing tactics can simply be exposed.
In another statement, CNIL said that “The relevant information is accessible after several steps only, implying sometimes up to five or six actions…” Additionally, CNIL also found that even after going through the relevant information, the documents are deficient in factor in terms of precisely where, as well as how the data of users is used for the promotions.
Since the GDPR came into effect, the biggest giant Google has become the victim of the biggest penalty. According to the reliable sources, the penalty could be even larger. Google is the biggest fish to be trapped in the GDPR yet; however, it certainly won’t be the final. Within the passage of time, DPAs in a variety of countries started leaping into the enforcement dispute.