LONDON — After European policymakers adopted a sweeping data privacy law last year, the big question was how regulators would use their newfound authority against the most powerful technology companies.
In the first major example, the French data protection authority announced Monday that it had fined Google about $57 million for not properly disclosing to users how data is collected across its services — including its search engine, Google Maps and YouTube— to present personalized advertisements.
The penalty is the largest to date under the European Union privacy law, known as the General Data Protection Regulation, which took effect in May, and shows that regulators are following through on a pledge to use the rules to push back against internet companies whose businesses depend on collecting data.
The ruling signals a new phase in enforcing the European law, which the region’s lawmakers and privacy groups have cheered as a check against the growing power of technology companies, while for general consumers it has led mostly to a frustrating increase in the number of consent boxes to click. The fine against Google is the fourth penalty against any company since the law took effect.
Europe’s experience is being closely watched by policymakers in the United States, who are considering a new federal privacy law. Tim Cook, Apple’s chief executive officer, last week called for new rules that closely follow Europe’s.
The ruling Monday takes aim at Google’s business model, which turns data on users into narrowly targeted ads.
A central element of Europe’s new regulations is that companies must clearly explain how data is collected and used. France’s data protection regulator, known as CNIL, said Google did not go far enough to get consent from users before processing data. Instead, it said, people are largely unaware of the data they are agreeing to share, or how Google plans to use the information.
Google defended its policies and said it was determining whether to appeal.