Google has been fined 50 million euros by the French data censor CNIL, for a breach of the EU's data protection rules. CNIL said it had levied the record fine for lack of transparency, inadequate information and lack of valid consent regarding ads
personalisation. It judged that people were not sufficiently informed about how Google collected data to personalise advertising and that Google had not obtained clear consent to process data because essential information was disseminated across several
documents. The relevant information is accessible after several steps only, implying sometimes up to five or six actions, CNIL said. In a statement, Google said it was studying the decision to determine its next steps. The first complaint
under the EU's new General Data Protection Regulation (GDPR) was filed on 25 May 2018, the day the legislation took effect.The filing groups claimed Google did not have a valid legal basis to process user data for ad personalisation, as mandated by the
GDPR. Many internet companies rely on vague wording such as 'improving user experience' to gain consent for a wide range of data uses but the GDPR provides that the consent is 'specific' only if it is given distinctly for each purpose. Perhaps this fine may help for the protection of data gathered on UK porn users under the upcoming age verification requirements. Obtaining consent for narrowly defined data usages may mean actions could be taken to prevent user identity and browsing history from being sold on.
| 
