• Share

The French counterpart to our own Information Commissioner, the Commission nationale de l'informatique et des libertés (CNIL), has issued a €50 million fine (£44 million or nearly US$57 million) against Google LLC.

The investigation by CNIL and the resulting fine came about following complaints submitted to CNIL in May 2018 by two data protection pressure groups: None of Your Business (NYOB) led by privacy campaigner Max Schrems, and La Quadrature du Net (LQDN) on behalf of 9,974 individuals.

 These complaints were that:

  • Android mobile users were forced to accept Google’s privacy policy and general terms and conditions in order to use their device (submitted by NYOB); and
  • Google has no lawful basis to process personal data for behaviour analysis and advertising personalisation (submitted by LQDN).

The CNIL found that while Google had made progress in its data protection practices in recent years, it had still failed to comply with the requirements of the GDPR by:

  • not processing personal data in a transparent manner;
  • not providing sufficient or satisfactory information to data subjects regarding its processing activities; and
  • collecting invalid consent to the processing of personal data for advertising personalisation.

Under the GDPR the maximum fine that CNIL could have imposed was 4% of Google’s annual worldwide turnover. Doing so would have left Google with a bill for €3.84 billion (US$4.28 billion or £3.35 billion). On reflection, CNIL’s fine (0.005% of Google’s turnover), while much more significant than any levied under the old data protection rules, could certainly have been worse. As the European Information Commissioners adjust to their new powers and sanctions, perhaps we will see more willingness to impose substantial fines. Of course, it is best to avoid fines altogether!

Mewburn Ellis advises a wide range of international and domestic clients on how to achieve and maintain GDPR compliance.

If you would like to speak to a member of the team please contact  Emma Kennaugh-Gallacher at  emma.kennaugh-gallacher@mewburn.com

Emma is a member of our legal services team with experience in IP licensing and assignment and confidentiality agreements. She also works with our dispute resolution team providing support for early stage IP litigation for infringement of copyright, trade marks, registered and unregistered design rights and patents. Emma successfully gained the BCS Practitioner Certificate in Data Protection, a qualification which relates to both the background and the practical application of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Sign up to Forward - news, insights and features

Our People

Our IP specialists work at all stage of the IP life cycle and provide strategic advice about patent, trade mark and registered designs, as well as any IP-related disputes and legal and commercial requirements.


Contact Us

We have an easily-accessible office in central London, as well as a number of regional offices throughout the UK and an office in Munich, Germany.  We’d love to hear from you, so please get in touch.