Show all guides
Europe
GDPR

Google fined €325 million by CNIL for ads in Gmail and cookie-consent failings

Last update:
Sep 3, 2025

France’s data regulator, CNIL, announced a €325 million fine on Google after finding that ads were being inserted between users’ Gmail messages without valid consent, and that advertising cookies were installed during account registration without giving users a choice and obtaining their informed consent. 

The investigation, which stemmed from a complaint filed by the organisation None Of Your Business, found that users often received ads in their inboxes that appeared to be emails, and that cookie policies were not clearly explained to users when creating a new account. CNIL considered this a breach of consent and transparency obligations under the GDPR and gave Google six months to correct practices or face additional daily fines. This sanction is one of CNIL’s largest and highlights the regulator’s focus on user-interface design and hidden tracking.

The full guidelines can be found
here

Related Guides

EU court rejects Meta’s challenge to 'consent or pay' opinion

May 7, 2025

The EU General Court rejected Meta’s attempt to overturn an EDPB opinion, ruling that requiring payment to avoid data tracking violates GDPR principles. The decision reinforces that consent must be freely given and not tied to financial status.
Europe
GDPR

WhatsApp Fined €5.5 Mil for GDPR Violations

January 23, 2023

The popular Meta messaging app is fined for similar GDPR violations other Meta products' Terms of Services have incited.
Europe
GDPR
The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only