Google has been fined 50 million euros (about $57 million) by a French regulator for not properly disclosing to users how their data is collected and used for targeted advertising.
The penalty is the biggest yet imposed under a new European privacy law that went into effect in 2018. The European Union’s General Data Protection Regulation gives Europeans more control over their information and how companies use it.
France’s National Data Protection Commission said Monday it imposed the fine after determining Google hadn’t met its obligation for transparency by making information about its data collection easily accessible to users. The commission found that Google didn’t present information about data-processing purposes and data-storage periods in the same place, sometimes requiring users to make five or six clicks to obtain the information.
The commission also found that Google hadn’t presented the information in a clear and comprehensive manner, saying the company’s descriptions are “too generic and vague.” Google also didn’t obtain valid user consent for personalized ads because of insufficient information, the commission said.
The GDPR, which went into effect in May, introduced tougher rules on processing and storing personal data and requires companies to seek explicit consent before using personal data. Companies must be able to provide its users with a copy of their personal data and are required to report data breaches within 72 hours.
Google didn’t immediately respond to a request for comment.