Google has been found guilty of breaching the EU’s data protection rules after complaints were made against the tech giant by two privacy rights groups.
French data regulator CNIL has fined Google 50 million euros (£44m) for its "lack of transparency, inadequate information and lack of valid consent regarding ads personalisation".
With International Data Protection Day a week away, application security company Veracode believes this fine is the “start of a challenging 2019 for businesses when it comes to compliance”, warning companies to take the news as a timely reminder that they must get their houses in order with data protection and governance.
“The fine against Google is an indication of the serious focus on privacy and security by regulators. Global enterprises must take steps to ensure security hygiene and compliance with standards to reduce their risk and protect data,” said Paul Farrington, director of solutions architecture (EMEA) at Veracode.
CNIL said that people were "not sufficiently informed" about how Google collected data to personalise advertising.
In a statement, Google said it was "studying the decision" to determine its next steps.
Software company Certes Networks think that despite sounding like a hefty sum to pay, Google may have actually got off lightly.
“Compliance is not a joke, yet it’s clear that many are still not taking steps to protect their data or maintain a level of transparency with their users,” commented Certes Networks CEO Paul German.
“Despite Google clearly being non-compliant, the fine is clearly not as punitive as it could have been; the fine, although high in real terms, is unlikely to send Google into a panic as it could for other organisations.
“It has been eight months since GDPR came into effect which means over the next few months, we can expect to see other big brands dragged over the coals. The next question is: who will be next?”
The PCR Awards 2019 take place on 6th March at The Brewery, London. Buy your tickets here.