In this episode I visit with Jonathan Armstrong and André Bywater on the recent fine levied by the French Data Privacy regulator CNIL against Google for violations under GDPR. Some of the highlights are:

  1. The case is the first major GDPR fine against a US company.
  2. It demonstrates the lack of forum shopping available to US companies which are looking for a softer regulatory approach.
  3. How did the regulators investigate, review and assess a fine and penalty so quickly as GDPR only came into effect last May?
  4. What were the two basis of legal violations under GDPR?
  5. What are the key takeaways on the case?
  6. How was the quantum amount determined? Is it reasonable?
  7. Will Google appeal to the European Court of Justice?

For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.