PPI - Radically Pragmatic
  • Donate
Skip to content
  • Home
  • About
    • About Us
    • Locations
    • Careers
  • People
  • Projects
  • Our Work
  • Events
  • Donate

Our Work

The Google GDPR Fine: Some Thoughts

  • February 1, 2019
  • Michael Mandel

The GDPR will mean big changes in the way that European and U.S. companies do business in Europe. As we noted at a recent privacy panel, rather than being a matter of speculation, its economic impact has become an empirical question. Will the tighter privacy protections of the GDP slow growth and innovation, as skeptics claim, or will these provisions increase consumer trust and usher in a new era of European digital gains, as supporters say? We await the answers to these questions with great interest.

However, the enforcement stage of the GDPR has not gotten off on the right foot. CNIL, the French National Data Protection Commission, just fined Google 50 million euros for what they called “lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.” The fines were based in part on complaints filed by privacy groups on May 25, 2018, the very day that the GDPR went into effect. Moreover, the complaints were filed in France, despite that fact that Google’s European headquarters are in Ireland.

The location of the complaints is relevant because the most straightforward reading of the GDPR’s “one-stop-shop” principle suggests that the location of a company’s European headquarters is the main factor determining the company’s lead regulator for GDPR purposes. That’s not the only criterion, for sure, but it was only natural for the Irish Data Protection Commission to take the lead role in regulating Google.

The fact that the privacy organizations filed their complaints with France, not Ireland, suggests that they were forum-shopping–looking for a country which would look favorably on the issues they raised.  Moreover, France’s willingness to jump to the front of the regulator queue suggests that they were interested in setting a precedent, rather than letting the GDPR process unfold.

Finally, an important part of the rationale behind the GDPR was to further move towards a digital single market, by allowing companies to only deal with a single privacy regulator.  If other countries follow France’s lead and find reasons to levy data protection-related fines on multinationals that have their European headquarters elsewhere, then the GDPR will end up fragmenting markets, rather than making them more consistent. That’s a losing proposition for everyone.

Related Work

Budget Breakdown  |  July 3, 2025

Passage of ‘One Big Beautiful Bill’ Renders Republican Deficit Hawks Extinct

  • Ben Ritz Alex Kilander
Blog  |  July 2, 2025

Senate Republicans Go Nuclear to Blow Up the National Debt

  • Ben Ritz
Budget Breakdown  |  June 26, 2025

GOP’s “Big Beautiful Bill” Would Undermine Economic Stability

  • Ben Ritz Alex Kilander Nate Morris
Blog  |  June 26, 2025

“Trump Accounts” Are a Promising Start, But Flaws Remain

  • Alex Kilander
Op-Ed  |  June 18, 2025

Weinstein Jr. for Forbes: It’s The Early 1990s Bond Market Again

  • Paul Weinstein Jr.
Budget Breakdown  |  June 18, 2025

Senate Changes to House Reconciliation Bill Are a Mixed Bag

  • Ben Ritz Nate Morris
  • Never miss an update:

  • Subscribe to our newsletter
PPI Logo
  • Twitter
  • LinkedIn
  • Facebook
  • Donate
  • Careers
  • © 2025 Progressive Policy Institute. All Rights Reserved.
  • |
  • Privacy Policy
  • |
  • Privacy Settings