Analyzing Early GDPR Enforcement: France

The GDPR enforcement landscape is beginning to fill out, with the French Data Protection Authority (CNIL) levying GDPR’s biggest fine so far – €50 million – against Google LLC. The CNIL’s January 21, 2019 enforcement notice cites lack of transparency, inadequate information and lack of valid consent regarding Google’s personalization of ads. The case “confirms the importance of transparency to GDPR compliance,” Daniel Alvarez, a partner at Willkie Farr, told the Cybersecurity Law Report. “It’s a theme that pervades the regulation, and this action reflects that.” In this article, we examine the case and its compliance and enforcement implications, including persistent ambiguities about the calculation of fines. In previous articles in this series, we analyzed, with input from local sources, actions against a Portuguese hospital and a German social media company, as well as against small Austrian businesses and a Canadian data aggregator. See “Countdown to GDPR Enforcement: Final Steps and Looking Ahead” (May 16, 2018).

To read the full article

Continue reading your article with a CSLR subscription.