Yesterday, tech giant Google was fined €50m (£44m) for breaching the General Data Protection Regulation (GDPR) introduced in the EU last year. It’s the first major GDPR fine, and easily the largest to date.
GDPR is now clearly a serious issue, but for many business owners, it remains something of a mystery, so what is this major incident really all about?
Why has Google been fined?
The fine relates to advertising, and stems from a pair of complaints filed in France alleging that under the GDPR, Google had processed personal data improperly in order to display personalised ads.
The fine was levied by CNIL, a French data regulation body, which ruled that Google had not shown enough transparency in the way it harvested data for advertising, nor had it gained adequate consent from users to do so.
Who filed the complaints?
When were the complaints filed?
One of the two complaints was filed on May 25th, 2018. If you’ve brushed up on GDPR, you will know that this was the day the regulation came into effect, showing that advocacy groups were wasting no time in bringing digital giants to task over failing to comply with the new law.
The other complaint came soon after, with both reportedly filed in May 2018.
Is it the most Google has ever been fined?
No. Although the fine is being widely reported as ‘record breaking’, it’s only a record for GDPR breach fines. As recently as last July, Google was actually fined €4.3bn (£3.8bn) relating to its use of apps on Android devices.
This dwarves Monday’s fine, but according to Bloomberg, even this huge sum only represented around 16 days’ revenue for Google.
How has Google responded?
Google has given a brief statement underlining its commitment to complying with the GDPR and says it is now “studying the decision”, so the issue may not be done and dusted just yet.
What can we learn from this?
It is important to realise that the size of this fine is due to the size of Google, so eight-figure penalties for GDPR non-compliance are not the norm. However, what is also important to remember is that while Google can afford these huge financial stings, the average SME will be hit much harder by a far more modest fine.
Internet rights groups and regulators quite rightly take GDPR seriously, and so should all business owners. If you want to know whether your site complies, and what you can do if it doesn’t, speak to Engage Web today.