Google has been hit with a $57 million fine for violations of the EU’s GDRP privacy regulations.  CNIL (French data protection regulators) concluded that Google had failed to comply with the law.

Lack of Transparency

When setting up Android phones, the regulators said Google did not disclose “essential information” to users.  This includes things like how data is used, which data is used for ad targeting, and data storage periods.  The agency said even if you could find the information, it was spread out over various documents and difficult to find.  They cited one example concerning ad targeting, which they said took 5-6 clicks in order to find it, according to Tech Crunch.

In announcing the fine, they also said the wording used is broad and “obscure on purpose” to make it difficult to understand.

Consent Bundling

Consent bundling is not allowed under GDPR rules.  The group says Google pushes you to do so by its default set-up which asks you to set up a Google account and provides diminished usage if you don’t sign up.  CNIL wants Google to separate account sign-ins from device setup.

In addition, the CNIL reports that Google also violated GDPR regulations on broad consent.

“People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.” – Google statement to NY Times

This fine is the first major one against a US company for violating GDPR regulations.