The fine stems from digital advocacy group complaints that followed shortly after GDPR took effect in May 2018. CNIL argued the size of the fine was valid as this was not only a basic violation of GDPR's "essential principles," but an ongoing violation rather than a one-time fault.

In response, a Google spokeperson told The Local that the firm was "deeply committed" to transparency and control, and was "studying the decision" to determine what it would do next. However, it doesn't exactly have many options. If it can't convince regulators that its existing consent systems are reasonable, it will likely have to make significant reforms.