When the European Union’s (EU’s) General Data Protection Regulation (GDPR, discussed in a December 2017 client alert) took effect May 25, 2018, the French data protection regulator, Commission nationale de l’informatique et des libertés (CNIL), which translates to National Information Rights Commission, began investigating Google’s data privacy practices. Now, the CNIL has imposed on Google a €50 million fine (about $57 million), the largest to date under the GDPR, for lack of transparency, inadequate information, and lack of valid consent regarding its personalized ads. Below is a summary of the enforcement action and what it means going forward.
