The tech giant Google has been hit with a record fine for breaching the EU’s General Data Protection Regulation (GDPR).
The French National Commission on Data Processing and Liberty (CNIL) announced the record €50 million (£44 million) penalty earlier this week.
Google, meanwhile, said it will appeal the decision.
According to the regulator, Google had violated the new data protection laws in two ways. The first for a lack of transparency and information, and the second for not having a legal basis to process user data for personalised advertisements.
“Despite the measures implemented by Google… the infringements observed deprive users of essential guarantees regarding processing operations that can reveal important parts of their private life,” said CNIL.
“Moreover, the violations are continuous breaches of [GDPR] as they are still observed to date. It is not a one-off, time-limited infringement.”
The regulator added: “The information on processing operations for the ads personalisation is diluted in several documents and does not enable the user to be aware of their extent.”
It said the massive penalty was “justified by the severity of the infringements observed regarding the essential principles of GDPR”, although it was not the maximum it could have fined Google.
Under the rules of GDPR, a company can be fined up to four per cent of its annual global turnover. If this were applied to Google, the maximum fine would have exceeded $4.3 billion (£3.3 billion) based on the organisation’s latest financial statements.
In a statement, Google said: “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR.”