Google is facing a potential €525 million (£443 million) fine in France after the country’s data protection authority found that the company may have breached privacy laws through the way it displays personalised ads in Gmail.
The fine, if imposed by the Commission nationale de l’informatique et des libertés (CNIL), would be the largest ever levied by the French privacy regulator. The case centres on the use of tracking cookies and personalised advertising within Gmail, which are allegedly deployed without explicit user consent.
Gmail users in France have long complained about the platform placing ad banners that resemble emails directly within their inboxes.
While these ads are a common feature of Gmail’s free model, the CNIL is investigating whether the way consent is obtained — or bypassed — violates the country’s stringent data privacy laws.
At a public hearing on 26 June in Paris, a CNIL official stated that Google fails to seek proper consent when users set up Gmail accounts, instead automatically deploying cookies that fuel personalised ad targeting.
These ads, critics argue, compromise user privacy and create a misleading user experience.
The investigation adds to wider concerns about how major tech companies handle user data across services. Google, whose business model relies heavily on advertising, has previously faced scrutiny over its data practices in Europe. The current proceedings could set a precedent for how regulators interpret consent and personalisation in digital communication platforms.
The case remains ongoing. CNIL has not yet issued a final decision. Google has not responded to requests for comment.
If upheld, the penalty would surpass CNIL’s previous record fine of €150 million imposed on Facebook parent company Meta in 2022.
This development underscores growing regulatory pressure on Big Tech firms operating in Europe, where the General Data Protection Regulation (GDPR) continues to serve as a global benchmark for privacy enforcement.
