Issues of lack of transparency and consent formed the basis of the CNIL’s $57 million dollar fine against Google under the GDPR. CNIL is France’s highest ranking data-privacy agency. It’s the first large penalty for a U.S. technology company since the GDPR went into effect last May.
In finding that Google violated the GDPR, the CNIL focused on the level of complexity in finding sufficient information (notice) regarding the use of personal data for targeted advertising, the use of pre-checked boxes to obtain user consent and the level of choice available to users. This fine represents (by far) the largest penalty issued under the GDPR to date. DBR on Data will provide more information as it becomes available and will have a follow up post.
A brief summary in English and CNIL’s decision is available here (in French).