CNIL cited Google for not clearly explaining to users that the legal basis for their data collection and processing relies on user consent, and not the company's legitimate business purposes.
In a statement obtained by ABC News, a Google spokesperson said the company is "studying the decision" to determine its next steps.
Although Google's European headquarters is in Ireland, it was decided among the authorities that the case would be handled by the French data regulator, since the Irish watchdog did not have "decision-making power" over Google's Android operating system and Google's services. Information on how a user's data is going to be processed, stored, and used were spread across several different documents that required clicking through multiple buttons and links to find, as many as 6 according to the regulator's examination. The agency also accused Google of not properly obtaining user consent for showing them personalized ads.
Trump's border wall gambit fails to end record shutdown
The shutdown , the longest in history, has affected 800,000 federal workers. "The President's proposal reflects that. The Trump administration said in September 2017 it would rescind DACA but it remains in effect under court order.
The €50 million ($57 million) fine on the USA company whose revenues for 2017 were $109.65 billion was due to a lack of transparency and clarity in the way it informs users about its handling of personal data. [.] Therefore, the user gives his or her consent in full, for all the processing operations purposes carried out by GOOGLE based on this consent (ads personalization, speech recognition, etc.).
The GDPR, which went into effect May 25 of past year, requires companies to obtain people's consent before using their data for ad targeting.
Google has yet to issue a statement on the fine.
CNIL also calls out Google's sign-up process, which sees the firm pushing users to sign up for a Google account when setting up a device - a move that's illegal under the GDPR's content bundling rules. Instead, it said, people are largely unaware of the data they are agreeing to share, or how Google plans to use the information. Moreover, the watchdog notes that the choice of ads personalisation is a pre-ticked box, another no-go under GDPR. Then, the restricted committee observes that the collected consent is neither "specific" nor "unambiguous".
It added that "the collected consent is neither "specific" nor "unambiguous", because it was hard for users to modify preferences on where their data was used, particularly concerning targeted ads.