Many have heard about the French data regulator CNIL imposing a $57 million (€50 million) fine on Google for violating the General Data Protection Regulation (GDPR), specifically for failing to make its data collection policies easily accessible while also failing to obtain sufficient and specific consent for ad personalization across its services. This comes as the first major GDPR violation since its inception in May of 2018. CNIL indicates that Google’s approach to gathering personal data makes it hard for users to understand what data is being collected and sold, while not being transparent in the ability to opt out.
Although this is not the first fine imposed for violating GDPR, it is by far the largest. In December, a Portuguese hospital was fined €400,000 after its staff permitted unauthorized access to patient records, while a German social media and chat service was fined €20,000 in November for storing passwords in plain text.
Will there be a change to the privacy policies and settings from providers such as Google, or will it change the user experience of such services? According to CNIL, these violations are yet to be remediated, and after all, the fine represents less than three hours of Google’s revenue. Will organizations continue to assess and mitigate risks related to the consent, privacy and protection of EU personal data, or will they be willing to accept the risk of being breached and/or face the fines for noncompliance with GDPR?
GDPR is not going away, and it is only a matter of time before additional privacy regulations are adopted domestically and internationally.
If you have any questions related to the GDPR or the privacy and protection of data, please visit our GDPR Compliance page.
You’ve heard our thoughts… We’d like to hear yours
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.
Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.