First GDPR massive fine against Google by the CNIL
The CNIL just fined Google €50M for breach of the GDPR. In this decision, the CNIL considered that Google mainly breached the GDPR for:
- lack of transparency (information not easily accessible nor available to data subjects); and
- relying on consent, where such consent was not valid.
In this case, the consent was bundled, not sufficiently informed (scope of the processing), nor unambiguous. There is much more to come as Max Schrems’s NGO (“None of Your Business”) and La Quadrature du Net filed complaints on 25 and 28 May 2018 in several jurisdictions against GAFAM. Further information on the CNIL’s website and the decision in French.