EU fines Google £3.8 billion, and that’s without a data breach

“GDPR is like a gun aimed at the temple of big techs,” or so an expert in data privacy told GDPR Report. The gun has been fired, and it hasn’t even got anything to do with privacy. Is this just the beginning? Another expert reckons more enforcement action will follow.

Google, and indeed the parent company, Alphabet, have been fined €4.34bn (£3.8bn). But the fine could become even greater.

The fine relates to the finding by the EU Competition Commission that the company was in breach of competition rules, concerning the pre-installation of the Google search browser within Android devices sold in Europe.

Apparently, the Californian company gave companies financial incentives to pre-install its apps.

“Google must now bring the conduct effectively to an end within 90 days or face penalty payments of up to 5% of the average daily worldwide turnover of Alphabet, Google’s parent company,” said the EU Commission.

Alphabet’s global turnover was $110 billion in 2017.

Although the fines seem unrelated to GDPR, it does highlight the EU’s determination to ensure that Google/Alphabet adheres to EU regulations.

Ardi Kolah LL.M, Director, GDPR Programme, Henley Business School told GDPR Report: “What this latest world record fine signals a hardening of the attitude of the European Commission where both anti-EU competitive activities coupled with abuse of market position can attract the highest level of sanction and fine. Social media giants such as Google and Facebook are already in the line of fire when measured against the higher standards of data protection, privacy and security under the GDPR, so expect more enforcement action over the following months across the EU by Supervisory Authorities under the watchful gaze of the newly formed European Data Protection Board (EDPB).”

Or, as Nicola McKilligan-Regan, Senior Partner at the Privacy Partnership, as well as the founder and CEO of Smart Privacy, told GDPR Report, said: “The large tech companies should remember that they are increasingly viewed as monopolies because of their market share. They need to reflect this with an appropriate ethical approach to ensure they don’t overstep the mark ‘just because they can’. Otherwise, they may pay a bigger price than even these fines – such as restrictions on their operations in Europe.“

She had previously told GDPR Report that “GDPR is like a gun aimed at the temple of the big technology companies.”

Many have argued that the EU and data privacy regulators do not have the stomach to impose big fines on the giant techs.

This fine by the EU surely shows that this is not the case.

Under the GDPR, regulators can fine a company up to 4% of its turnover for more serious GDPR related transgressions.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.