CNIL’s restricted committee imposed a financial penalty of 50 Million EUR against Google, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information, and lack of valid consent regarding the ads personalization. According to CNIL, the information relevant for the GDPR is scattered through severalsteps and often incomprehensible to the users. In addition, Google when personalising ads failed to obtain valid consent from the users, since the user was not sufficiently informed about the extent of the processing information
and the collected consent was ambiguous.
Privacy and data protection are two interrelated Internet governance issues. Data protection is a legal mechanism that ensures privacy. Privacy is usually defined as the right of any citizen to control their own personal information and to decide about it (to disclose information or not). Privacy is a fundamental human right. It is recognised in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and in many other international and regional human rights conventions. The July 2015 appointment of the first UN Special Rapporteur on the Right to Privacy in the Digital Age reflects the rising importance of privacy in global digital policy, and the recognition of the need to address privacy rights issues the the global, as well as national levels.
Jurisdiction is the authority of the court and state organs to decide on legal cases. The relationship between jurisdiction and the Internet has been ambiguous, since jurisdiction rests predominantly on the geographical division of the globe into national territories. Each state has the sovereign right to exercise jurisdiction over its territory.