Google hit with record GDPR fine
Google has become the first major casualty of Europe's new General Data Protection Regulations (GDPR) and has incurred a €50 million fine for failing to meet transparency and information requirements, and failing to obtain a legal basis for processing.
Google has yet to respond to the fine and may appeal.
While the fine is large by traditional standards, the GDPR allows for fines of up to €20 million or 4% of annual turnover so this represents only a fraction of the possible maximum fine. However, it is sure to make the tech and social giants sit up and take notice as to how they treat customers and their data.
The complaint related to setting up new Android phones and whether or not users were able to fully follow the consent process Google took them through. The court ruling says Google used an opt-out process where it should have required users to opt in to any data collection and that the information about what data Google would collect and how it would use it was scattered around in several places, making it difficult for users to understand what they were agreeing to.
Although the GDPR regulation has only been active for a few months, a number of high profile cases are already pending. Along with Google's case, Apple, Netflix, Spotify and Amazon will face challenges over their approach to data privacy in the coming months.
In New Zealand calls for a new Privacy Act that follows the lead of the GDPR are growing louder and with a draft bill before parliament, we could soon see similar data protections here in the years ahead.