Print PDF


RSSAdd blog to your RSS reader

All Topics

Contact Us



Google Has Been Fined Almost $57 Million for GDPR Violations

Following the enactment of the European Union’s General Data Protection Regulation (“GDPR”), which went into effect on May 25, 2018, Google has now been fined heavily for violations of the law.  On January 21, 2019, the Commission nationale de l’informatique et des libertés (“CNIL”), the French data privacy authority, fined Google €50 million (approximately U.S. $57 million) for violating the GDPR because it did not properly ask its users for consent to use their data to personalize advertising and because the company makes it too hard for users to find out how their personal information is used and how long that information is stored.  This is the largest financial penalty for a privacy breach in Europe.  CNIL’s press release can be viewed here: Press Release

Google plans to appeal the fine; however, this will likely be the first of many actions against companies, including U.S. companies, for violations of the broad GDRP rules.  

While the GDPR is an EU law, it does apply to many U.S. companies.  Moreover, U.S. companies will start facing similar rulings in the U.S. as privacy laws are passed here.  Indeed, California has already signed the California Consumer Privacy Act of 2018 (CCPA) into law, which will become operative on January 1, 2020.  The full text of the CCPA can be viewed here.  

TAKEAWAY: The protection of consumers’ personally identifiable information is extremely popular right now and companies cannot afford to overlook the new laws that are being passed in the U.S., the EU and elsewhere.  The broad language in the GDPR can apply to companies even if they are not based in the EU.  We recommend that companies take a close look at their data collection and storage procedures, their privacy policies and their agreements with consumers to ensure that they are on their way to becoming compliant with any privacy regulations that could affect them. 

Back to Page