France's National Data Protection Commission (CNIL) has fined Google €50m ($56.8m) after concluding that the search giant breached the EU's General Data Protection Regulation (GDPR).
The CNIL issued the fine, the largest GDPR fine to date, following a complaint by Max Schrems' privacy group NOYB and French advocacy group La Quadrature du Net.
The CNIL ruled that Google had offered users inadequate information, which it spread across multiple pages, having failed to attain valid consent for ads personalization.
The agency investigated the process for setting up a Google account from an Android device, concluding that the search engine giant breached GDPR in two ways: failing to obtain a legal basis for processing, and failing to meet transparency and information requirements.
In a statement, the CNIL said: "The purposes of processing are described in a too generic and vague manner, and so are the categories of data processed for these various purposes."
It explained: "The information on processing operations for the ads personalization is diluted in several documents and does not enable the user to be aware of their extent."
The CNIL acknowledged that, while a user was able to make some modifications to their account after it had been created, it did not mean that the GDPR had been "respected".
The announcement from the CNIL followed yesterday's news that Austrian privacy campaign None of Your Business had filed a complaint accusing eight tech giants of GDPR violations including Amazon, Apple, Netflix and YouTube.