The fine marks the first time a major tech company has been penalised under the new privacy law. The General Data Protection Regulation, GDPR, went into effect in the EU last May – setting forth universal data privacy laws across the European Union and created projections for user’s online data.
As part of the regulation, companies are required to get a user’s “genuine consent” before collecting information about them. That particular consent needs to happen in the form that that user explicitly opting in to share their data. They also need to provide a way for users to delete that data.
Last week Apple CEO Tim Cook penned an op-ed in Time where he suggested similar privacy laws be instated in the United States. CNIL issued the fine because Google did not meet the country’s standards for providing information to consumers about how their data is being used, nor did it provide enough information about its data consent policies.
While that $56mn may seem like a massive fine, it is not as high as GDPR fines can get. Companies can be fined a maximum of 4% of their annual global turnover.
For companies like Google, that amount could easily wind up being billions of dollars.