Facebook was also named in the same complaint, which was filed by Max Schrems, an Austrian activist who has been a long-time critic of how both companies collect data on their users. Google and Facebook have been rolling out new policies and products in response to the new legislation, but Schrems said the changes have been inadequate. Specifically, he points to the method the companies use to obtain consent for their privacy policies, which gives consumers an all-or-nothing choice.
“They totally know that it’s going to be a violation,” Schrems said at the time. “They don’t even try to hide it.”
However, the French regulator only targeted Google when handing down its fine, saying the tech giant didn’t do enough to get the consent of users when gathering data. The regulator pointed out that things like data processing and data storage times weren’t available in the same place, leading to consumers having to click five or six times in some cases to find it. In addition, the Commission said Google didn’t get the necessary user consent for personalized ads.
But on Wednesday (January 23) Google stated that its consent process “is as transparent and straightforward as possible, based on regulatory guidance and user experience testing,” according to The Financial Times.
“We’re also concerned about the impact of this ruling on publishers, original content creators and tech companies in Europe and beyond,” the company added.
While Google declined to reveal its precise grounds for its appeal, one argument could be that under the GDPR companies can select which country’s data protection regulator leads cases against them. In the case of Google, that would be Ireland, which is the legal base of its European operations. However, French regulators said their case was built before Google made that decision.