Leading the Way in Russian Law
 


NEWS

more news

PUBLICATIONS

more publications

EVENTS

more events

RECENT DEALS

Legal support of the fund established by inheritors of the famous Tove Jansson in monitoring online and offline infringements and protecting their copyrights to Moomin characters in Russia
more recent deals


  • Maria Baytenova,
    Legal Trainee

RSS  RSS Feed to Legal Updates

NEWS & PRESS RELEASES  |  ARTICLES  |  BOOKS  |  LEGAL UPDATES  |  MEDIA ROOM  |  RSS FEEDS  |  SUBSCRIBE


Google was fined for 50 million euros for violating the GDPR requirements


 
On January 21, 2019, the National Data Protection Commission (CNIL) of France fined Google LLC for 50 million euros for violating the requirements of the GDPR. This is the largest penalty imposed on the GDPR since its entry into force on May 25, 2018 so far.
 
The French regulator received complaints from the organizations “None Of Your Business” and “La Quadrature du Net”, which argued that Google LLC has no legal basis for processing personal data of its users, in particular, for the purpose of personalizing ads.
 
Having studied the process of registering users when creating an account with Google using mobile devices on the Android platform, gaining access to documents for giving an informed consent to the processing of personal data, the CNIL came to the following conclusions:
 
1. The principle of transparency in the processing personal data was not respected; there was no clear and accessible form of consent to the processing of personal data.
 
Information on the purposes of personal data processing, their storage period and the categories of personal data processed war located in different documents and connected by cross-references. It was necessary for the user to perform 5-6 actions on average and to constantly move from one document to another to obtain the necessary information.
 
Moreover, in many documents, the processing goals and the categories of personal data processed were indicated by general, vague descriptions, and the storage period was not specified at all.
 
2. Consent was not sufficiently informed, specific and unambiguous.
 
By agreeing to the processing of personal data in the service of personalized ads, the user did not understand how many services, websites and applications would actually process his personal data (Google search, YouTube, Google home, Google maps, Playstore, Google pictures, etc.).
 
Moreover, the editing of advertising settings was possible only after the user was registered, by unchecking the consent check boxes that were already set by the service itself. Initially, the user can only give general and complete consent to the processing of all his personal data by all services, which violates the basic provisions of the GDPR.
 
Given the position of Google in the market and the company's impressive revenue from ads personalization, the seriousness and duration of the offenses, the CNIL imposed a fine of 50 million euros.
 
Thus, the main reason for the imposition of such a large fine was the failure to comply with the requirements of the GDPR regarding the consent form for the processing of personal data and the way this consent was received.
 
If the activity of Russian companies is related to the processing of personal data of European users, they also fall under the GDPR and should take into account the strict approach to the GDPR application and the conclusions made by the French regulator in this matter.
 


back to Legal Updates   |   print page



TOP M&A
Legal Advisor
in Russia


Recommended in
All Key Practice Areas


Recommended Firm
for Dispute Resolution
in Russia


Best Life Sciences
Practice in Russia


Best Life Sciences practice,
recommended in corporate 

and M&A, dispute resolution 
in Russia


The Most Visible
Russian Law Firm


Recommended in
Key Practice Areas

Open Partnership: 
an inside look