BREAKING: CNIL fines Google € 50 Mio based on noyb complaint

21 June 2019
google fine

Key Info

  • The French data protection authority (CNIL) just has announced that it has imposed a record fine of € 50 million on Google for violating the GDPR today (Link)
  • The penalty is based on two complaints by and the French NGO ‘La Quadrature du Net’ based on ‘forced consent’ on May 25, 2018 (More Information on the original complaints)
  • Fine of € 50 million is the highest fine for privacy violations so far (the maximum fine under GDPR based on 4% of the turnover of Google would be € 3.7 billion)
  • Google moves its European operations to Ireland tomorrow (Jan 22, 2019) and will then be regulated by the Irish Data Protection Commissioner as the ‘lead authority’.


First Statement by

Max Schrems, Chairman of noyb: “We are very pleased that for the first time a European data protection authority is using the possibilities of GDPR to punish clear violations of the law. Following the introduction of GDPR, we have found that large corporations such as Google simply ‘interpret the law differently’ and have often only superficially adapted their products. It is important that the authorities make it clear that simply claiming to be compliant is not enough. We are also pleased that our work to protect fundamental rights is bearing fruit. I would also like to thank our supporters who make our work possible.”

Background on noyb

noyb gets privacy on your phone. Article 80 of the GDPR foresees that data subjects can be represented by a non-profit association, as individual users are usually unable to file the relevant legal complaints. In the new case of noyb (‘Right to Access‘)  ten users are represented by the non-profit organization. Schrems: “noyb is meant to reasonably enforce the new law, so that the benefits actually reach the users.

Funding still on the way. So far, is funded by over 3,100 individual supporting members and sponsors (for example, or the City of Vienna). In order to finance the fight against data breaches in the long term, the association is looking for more supporting members. So far, the budget for 2018 is only 75 % funded. Schrems: “In 1995 the EU already passed data protection laws, but they were simply ignored by the big players. We now have to make sure this does not happen again with GDPR – so far many only seem to be superficially compliant.



Our work is made possible by more than 3.100 supporting members – and maybe you?