Tech giants Amazon, Apple, Google, Netflix and Spotify have all been accused of not complying with GDPR, Europe’s data privacy regulations, and could face hefty fines for continuous violations. Things have now escalated, as Google has to pay a fine of 50 million euros for an ongoing violation after French data regulator CNIL accused the company of “lack of transparency, inadequate information and lack of valid consent regarding ads personalization,” writes the BBC.

“The user gives his or her consent in full, for all the
processing operations purposes carried out by Google based on this consent (ads
personalization, speech recognition etc.),” CNIL said. “However, the GDPR
provides that the consent is ‘specific’ only if it is given distinctly for each
purpose.”

The regulator says Google’s
consent policies are neither transparent enough nor “easily accessible,” which
kept users in the dark about how their personal data was used in personalizing
ads and other services. Also, the information was “disseminated across
several documents” making it difficult for users to review.

“The relevant information is accessible after several
steps only, implying sometimes up to five or six actions,” the regulator
said. “Users are not able to fully understand the extent of the processing
operations carried out by Google.”

CNIL acted upon complaints filed in
May by privacy advocates noyb and La Quadrature du Net (LQDN) as soon as
legislation went into effect.

“People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR,” a Google spokesperson said in a statement to a local publication. “We’re studying the decision to determine our next steps.”