The National Data Protection Commission (CNIL), France’s data protection office, has imposed a fine of €50 million against Google LLC for breaching the European Union online data privacy rules. This is the first major case where a fine is being imposed under the EU’s stringent General Data Protection Regulation (GDPR) that came into force last year. The French watchdog found the US search engine giant guilty of “lack of transparency, inadequate information, and lack of valid consent regarding ad personalisation.” This case stems from concerns that were raised over Google’s applied methods of collecting data, and the lack of clear options provided for the users to consent to personalised ads. “The general structure of the information chosen by the company does not enable [it] to comply with the Regulation,” read a CNIL statement. “Essential information, such as the data processing purposes, the data storage periods or the categories…
The UK’s Information Commissioner’s Office (ICO) has issued Facebook a penalty notice requiring the payment of £500,000 due to “a very serious data incident”. The fine is the maximum that can be imposed under the United Kingdom’s Data Protection Act 1998, which was the ruling document when the incidents occurred. “We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation. The fine would inevitably have been significantly higher under the GDPR. One of our main motivations for taking enforcement action is to drive meaningful change in how organisations handle people’s personal data,” commented the UK’s Information Commissioner, Elizabeth Denham. The data breach incidents occurred between 2007 and 2014, when Facebook failed to properly monitor the developers using the Facebook platform to build apps, and allowed them access to user information without clear consent. This particular case concerned Aleksandr Kogan and his…