Google loses data protection case appeal
Google has lost an appeal against France, which fined the tech giant $56 million for failing to be transparent with Android users about their data protection.
The AP reported the news:
France’s highest administrative court has upheld a fine of 50 million euros ($56 million) Google was ordered to pay for not being “sufficiently clear and transparent” with Android users about their data protection options.
Google was first slapped with the fine in January 2019, the first penalty for a U.S. tech giant under new European data privacy rules that took effect in 2018.
Google appealed the penalty issued by the French data privacy watchdog to the Council of State, France’s final arbiter in such cases.
Gaspard Sebag from Bloomberg wrote:
The fine issued by France’s data authority CNIL in January 2019 was by far the biggest levied under the EU’s General Data Protection Regulation, or GDPR. The EU measures took effect in May 2018 and gave national privacy regulators powers to fine companies as much as 4 per cent of global annual sales for the most serious violations.
In Friday’s ruling, the Conseil d’Etat considered the 50 million-euro fine wasn’t disproportionate, given the particular seriousness of the wrongdoing.
TechCrunch’s Natasha Lomas reported:
While the size of the fine is still relative peanuts vs Google’s parent entity Alphabet’s global revenue, changes the tech giant may have to make to how it harvests user data could be far more impactful to its ad-targeting bottom line.
Under European law, for consent to be a valid legal basis for processing personal data it must be informed, specific and freely given. Or, to put it another way, consent cannot be strained.
In this case French judges concluded Google had not provided clear enough information for consent to be lawfully obtained — including objecting to a pre-ticked checkbox which the court affirmed does not meet the requirements of the GDPR.