In response to complaints from 2 French civil rights advocacy groups, national privacy authority CNIL has fined Google 50M EUR for alleged lack of sufficient transparency and consent in the personalization of digital ads, specifically with regard to:

• Purpose to which personal data would be put, and how long they would be retained
• Validity of consent obtained

Faults CNIL found with the mechanics Google's process for obtaining consent to personalize ads include:

• Dispersal over multiple digital documents of important information for consumers
• Ambiguity as to whose interest - the consumer's or Google's - is being served by the processing of personal data
• Ambiguous consent, stemming from Google's pre-checking of some personalization option boxes
• No provisions for consumers to pick and choose opt-ins to various data processing activities; blanket consent only.

And because Google hasn't delegated authority for data collection and processing to any part of the company in the EU, CNIL has made its judgment directly against the company's corporate headquarters in the USA.

It's significant that CNIL's investigation and judgment came about as a result of complaints from civil rights advocates and not from any competitor who might have claimed to have suffered a loss of sales or profits as a result of actions of Google.

To Americans, with their alleged "cowboy" mindset, that makes CNIL's work look like a theoretical, ivory-tower sort of exercise not unlike the EU's diligent regulation of things like the curvature of bananas,

What's your opinion?