French data watchdog hits Google with €50m fine

France's National Data Protection Commission (CNIL) has fined Google €50m ($56.8m) after concluding that the search giant breached the EU's General Data Protection Regulation (GDPR). The CNIL issued the fine, the largest GDPR fine to date, following a complaint by Max Schrems' privacy group NOYB and French advocacy group La Quadrature du Net. The CNIL ruled that Google had offered users inadequate information, which it spread across multiple pages, having failed to attain valid consent for ads personalization. The agency investigated the process for setting up a Google account from an Android device, concluding that the search engine giant breached GDPR in two ways: failing to obtain a legal basis for processing, and failing to meet transparency and information requirements. In a statement, the CNIL said: "The purposes of processing are described in a too generic and vague manner, and so are the categories of data processed for these various purposes." It explained: "The information on processing operations for the ads personalization is diluted in several documents and does not enable the user to be aware of their extent."