Google has been fined 50 million euros (about $57 million) by a French regulator for not properly disclosing to users how their data is collected and used for targeted advertising.
The penalty is the biggest yet imposed under a new European privacy law that went into effect in 2018. The European Union’s General Data Protection Regulation gives Europeans more control over their information and how companies use it.
France’s National Data Protection Commission said on Monday that it imposed the fine after determining Google hadn’t met its obligation for transparency by making information about its data collection easily accessible to users.
The commission found that Google didn’t present information about data-processing purposes and data-storage periods in the same place, sometimes requiring users to make five or six clicks to obtain the information.
The commission also found that Google hadn’t presented the information in a clear and comprehensive manner, saying the company’s descriptions are “too generic and vague.” Google also didn’t obtain valid user consent for personalized ads because of insufficient information, the commission said.
“People expect high standards of transparency and control from us,” a Google spokesman said. “We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.”
The GDPR, which went into effect in May, introduced tougher rules on processing and storing personal data and requires companies to seek explicit consent before using personal data.
Companies must be able to provide their users with a copy of their personal data and are required to report data breaches within 72 hours.