Google Fined $50 Million For Data Violation

John Lister's picture

Google's use of data to personalize advertisements could cost it more than $50 million. It's been fined for breaching European rules on data protection.

The fine comes under the General Data Protection Regulation (GDPR), a set of rules drawn up by the European Union and covering activity in 27 countries. It follows a complaint filed by privacy groups the day the rules came into force last May.

The breach is all to do with Google's obligation to get user consent before using personal data to provide targeted ads - one of the key aspects of the company's business. Although Google does allow users to opt out of some data use, French regulators said it had fallen short in two ways.

Consent Was Not Clear

The first was that users couldn't give the required "clear consent" because the details of what Google did with data were spread out over multiple documents, making it difficult to "understand the extent of the processing operations."

The second was that Google's policy of a "pre-ticked" consent box when setting up an account wasn't adequate, despite user's being able to opt out. That's because this consent box is an "all-or-nothing" covering the use of data in multiple ways. GDPR says consent must specifically cover a particular purpose.

Fine Could Have Been Way Higher

The regulator noted that not only had Google breached the rules at the time of the complaint, but was yet to change its policies. It fined Google €50 million (US$56 million). While that's a hefty amount, it's nowhere close to the legal maximum. GDPR violations can mean a penalty of up to four percent of annual global turnover, which would have run into the billions for Google. (Source:

Google hasn't admitted any wrongdoing and says it will review its options. It issued a statement, stating that "people expect high standards of transparency and control from us. We're deeply committed to meeting those expectations and the consent requirements of the GDPR." (Source:

What's Your Opinion?

Do the rules seem fair to you? Do you feel you understand what Google does with your personal data? Is it right that maximum fines be based on a company's turnover rather than being a fixed amount?

Rate this article: 
Average: 5 (2 votes)


oldboyrip_9099's picture

For once the EU has done some good! Here in Europe we've all received endless notifications about GDPR. No doubt Google won't be the last company to find out that GDPR has 'some teeth'. It's a pity it wasn't in place before Facbook did all their underhanded tactics with Cambridge Analytica. If it had been, Facebook would have probably been out of business by now as the fine would have been so massive - and the world would be a better place for their demise. May be people would have actually talked to each other over dinner instead of continually looking at their mobile phone!

Chief's picture

this type of Regulation will do nothing except stifle Innovation and growth. If you don't like it don't use it. Don't get me wrong, I'm all for privacy, but caveat emptor.

David's picture

Sorry, caveat emptor shouldn't apply when the caveats are hidden or just plain lied about by the seller. And given the abuses perpetrated by social media companies, search engine companies, and so forth, more regulatins with bigger teeth may be needed.