Recently, Google was hit with a total of $806 million in fines on the same day, marking a major push by regulators to crack down on data collection practices. On one side of the Atlantic, a jury in San Francisco ordered Google to pay $425 million for misleading users about privacy controls. Meanwhile, French authorities imposed a separate €325 million ($381 million) fine for inserting ads into Gmail and manipulating cookie consent. These actions show a shift towards stronger and more coordinated privacy enforcement worldwide.

San Francisco Jury Finds Google Liable for Privacy Deception

The California case began in July 2020 when a user named Anibal Rodriguez discovered that Google was still collecting his data even after he disabled certain settings. His complaint grew into a class action lawsuit representing nearly 98 million users across 174 million devices. The lawsuit accused Google of having a “fake button” problem—users thought they had turned off tracking, but Google kept collecting data through partnerships with apps like Uber, Venmo, and Instagram.

The case went to trial, and a jury in San Francisco found Google liable for invading users’ privacy under California law. The jury did not find Google acted with malicious intent, so no punitive damages were awarded. Google responded by saying they would appeal the decision, but the jury’s comments suggest many users don’t fully understand how privacy settings work. The jury’s verdict emphasizes that companies can’t simply hide privacy issues behind complicated language.

France’s Heavy-Handed Approach to Privacy Violations

The French penalty came from a complaint filed by an advocacy group called None Of Your Business (NOYB), founded by privacy activist Max Schrems. French regulators found that over 74 million accounts were affected by cookie violations, with more than 53 million users seeing illegal ads in Gmail’s Promotions and Social tabs. The CNIL, France’s data protection authority, fined Google €325 million.

What makes the French fine notable is the threat of daily penalties. Google must fix its privacy issues within six months or face a fine of €100,000 ($117,000) every day. This structure aims to push companies to act quickly, as ongoing fines can add up fast. A Google spokesperson said they are reviewing the decision and have already made some changes to improve user control over ads.

The End of Fragmented Privacy Enforcement

These two large fines happening on the same day highlight a new era in privacy regulation. For years, big tech companies like Google could handle different authorities separately, often settling cases one at a time. Now, regulators are working together more closely, sending a clear message: privacy violations across different countries will be dealt with in a coordinated way.

This shift means companies can no longer treat compliance as a local issue. “The age of jurisdiction shopping is over,” said Gogia, an industry analyst. Companies need to develop global, consistent privacy policies that can stand up to scrutiny everywhere. Despite Google’s vast resources and technical prowess, it still faces repeated penalties, showing that size doesn’t guarantee compliance.

For businesses and IT leaders, this means a new focus on trust and transparency. Privacy compliance is no longer just about avoiding fines—it’s about maintaining reputation and customer confidence. Continuous penalties, like daily fines, create ongoing pressure to prioritize privacy measures and ensure court orders are followed. The days of one-off fines are giving way to a more persistent, systemic approach to privacy enforcement worldwide.

Inspired by

• https://www.computerworld.com/article/4051435/google-hit-with-806m-in-penalties-from-us-and-french-authorities-over-privacy-issues.html

Sources

• gmpg.org
• justia.com
• courtlistener.com
• bloomberglaw.com
• cnil.fr