Google hit with largest fine for data protection ever for GDPR breach
The £44 million fine will take Alphabet just 13.2 hours to pay based on Q3 2018 profits.
Google has been hit with the largest fine for data protection – £44 million (€50 million) – under the new General Data Protection Regulation (GDPR) by the French data regulator, CNIL.
Matthew Holman, Principal and Head of Data Protection in our commercial team, comments:
“This is just the first of what could be a wave of ‘mega’ fines under GDPR. It is a dramatic first step in the new world of GDPR fines. It also means that other companies, such as Facebook, British Airways and Marriott, all of whom have suffered large scale security breaches, will be watching with baited breath to see if the UK ICO follows suit."
"Google will almost certainly appeal this record breaking fine. The size of the £44 million fine gives an indication of the likely size of fines that could be levied by other European regulators, including the UK’s ICO. This fine is about having poorly drafted privacy policies and having opaque processes for collecting personal data.”
The maximum penalty for a breach of GDPR is €20 million (£17.7 million) or 4% of a company’s global turnover. Google Ireland had a turnover of €32.2 billion in 2018. This means the total fine that Google Ireland could have received would have been €1,288,000,000
The regulator says it judged that individuals were ‘not sufficiently informed’ about how Google collected data to personalised data.
For more information, please call 0345 070 6000 or contact Matthew Holman.
Click here to find out what our Data Protection team can do for you.