GDPR Fine-O-Meter Rockets after Google Ruling

Written by Margaret Briffa | January 23, 2019

Data Protection

The GDPR Fine-O-Meter has rocketed with news that the French authorities have fined Google 50 Million Euros for data breaches under the GDPR.

Introduced in May 2018, the regulations which apply EU wide give individuals more control over their data than previously, with businesses needing to seek consent for specific uses. As well as imposing stricter rules for handling data the regulations allow the regulatory authority in any member state to impose seriously painful fines which can be as high as 4% of turnover. In Google’s case this could have amounted to around 4 billion Euros. Viewed that way Google got off lightly and certainly far more lightly than last summer when they were fined 3.8 billion by the EU for breach of competition law committed by pre-installing a Google search browser in Android devices sold in Europe.

This French ruling really drives home the need to make sure that you genuinely comply with the regulations. Mere superficial compliance is not enough as different countries will have different attitudes to ensuring compliance. While Google’s base of operations for Europe, Middle East and Africa is for tax reasons in Ireland, it was the French Regulator supported by lobby groups in France who were determined to bring Google to book.

So are there any lessons to be learnt from the decision in this case from comments made by the regulator. If there are these are the things to note:

  • You need to make it easy for users to find essential information about how their data will be used and stored.
  • You should avoid splitting this information across multiple documents help pages and screens. Transparency is key.
  • You should give users the opportunity to consent to different uses – not just opt in or out of all the users you intend to make.

This decision will no doubt send alarm signals to all tech companies who do business in Europe, even ones that are not giant and some review of exposure and risk should be undertaken. Do you carry on as before on the assumption that the authorities in France wanted to make an example of Google, and that further enforcement and huge fines are unlikely. Alternatively do you invest a little bit of time and resource reviewing and amending your consent-gathering practices to make sure that users are ticking OK to every last purpose for which their personal data is to be used.

It’s not too late to get your GDPR in order and it may be advisable in the current climate to do just that.

Written by Margaret Briffa

Related articles

Data Protection September 5, 2023

Why Do I Need A Non-Disclosure Agreement For My Business?

A non-disclosure agreement (NDA) is a contract that legally binds two parties to not share confidential information with third parties. In simpler terms, an NDA is a tool that helps…
Data Protection August 11, 2023

Transferring personal data between the EU and the US just got a little bit easier

Last month, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework. The decision means that the European Commission is now satisfied that the US ensures an…
Back to blog

Book a free consultation with one of our specialist solicitors.

We’ll start with a no obligation chat where we’ll get to know you and understand your current challenges.

Book your free consultation now

Looking for more information?

Explore our services Key industry sectors Briffa content hub