Google has been fined by CNIL (Commission Nationale de l’informatique et des Libertés) on the 7th of December 2020, for placing advertising cookies in the users’ computers without obtaining their consent.
Following the investigation, it was found that the ‘’Privacy reminder from Google’’ banner did not inform the user about the cookies that were already installed on their device when the website was accessed, violating one of the fundamental principles of the GDPR (The General Data Protection Regulation)
Moreover, according to CNIL, even when the user deactivated the advertising ad, some cookies remained installed on the device.
Therefore, the French Authority imposed a penalty of €60 million on Google LLC and €40 million for Google Ireland. It is one of the biggest fine imposed for such a data breach.
Google declared it will make the necessary changes to comply with the law: “This case was not about whether consent is needed for personalised advertising, but about how exactly it should be obtained. In lighoflightlight of this decision, we will now review what changes we need to make.”
Sovy’s GDPR Essentials can help you with each of the steps laid out above:
- Walk through a data mapping exercise and build your data inventory.
- Train your employees with industry-standard eLearning courses.
- Maintain your compliance program in the cloud
- Manage cookie consent and data rights