Businesses are being warned to ensure they comply with privacy regulations after search giant Google was hit by the first major fine under the new GDPR regulations.
The French data protection authorities handed Google the record €50m fine for a lack of transparency and failing to obtain valid consent from users of its Android operating system to tailored advertisements based on their usage.
Phil Brown, a data protection specialist at regional law firm Napthens, warned that although the fine is the biggest seen since the introduction of the GDPR, it falls some way short of the maximum fine that could have been imposed, 4 per cent of global turnover. For a company the size of Google this amount could have run into billions of pounds.
The authorities considered that Google failed to obtain specific and informed consent as privacy options were ‘pre-ticked’ as default, and spread over a number of pages. French authorities decided this made it difficult for users to understand the small print.
Phil explained that while Google was one of a number of tech giants targeted by privacy campaigners who made a number of complaints on the introduction of the GDPR, it is a stark reminder to all businesses that the data protection authorities are taking their new powers seriously.
“Closer to home it is not just the tech giants who are being targeted, and the ICO recently issued a number of fines across the business, manufacturing and finance sectors for non-payment of the data protection fee, with a large number of SMEs seemingly unaware of their obligations.
“The big fines take all the headlines, but we are starting to see action at the lower end of the scale, and these are timely reminders that businesses which fail to put in place appropriate protection and comply with their obligations are being held to account.”