The highest administrative court in France on Friday upheld a previous ruling ordering Google to pay a fine of around $56 million for not being transparent about Android data privacy practices.
The French Council of State ruled that Google had violated the European Union’s General Data Protection Regulation (GDPR) by not providing sufficient “transparency” for Android users on how their data would be used for targeted advertisements, according to the translated French ruling.
The council upheld a previous 2019 ruling by France’s National Data Protection Commission, or CNIL, that sanctioned Google for breaching the GDPR by making it difficult for users to understand how their personal data was being used.
Google appealed this decision to the Council of State, which on Friday ruled that the original fine of €50 million, or around $56 million, was not “disproportionate” and upheld CNIL’s original decision.
The GDPR, a sweeping data protection rule which went into effect in 2018, requires individuals to give informed consent for their data to be used by companies. Many tech companies not headquartered in Europe, such as Google, have to comply with the GDPR because of their millions of European customers.
Google did not immediately respond to The Hill’s request for comment on the ruling.
The company told The Associated Press that it was taking steps to address the data privacy issues raised by French authorities.
“This case was not about whether consent is needed for personalized advertising, but about how exactly it should be obtained,” the company told the AP. “In light of this decision, we will now review what changes we need to make.”
The ruling is not the first GDPR-related case Google is involved in. Ireland’s Data Protection Commission announced in February that it is investigating Google and dating app Tinder over concerns around their handling of the location data of users.