Google plans to appeal the fine; however, this will likely be the first of many actions against companies, including U.S. companies, for violations of the broad GDRP rules.
While the GDPR is an EU law, it does apply to many U.S. companies. Moreover, U.S. companies will start facing similar rulings in the U.S. as privacy laws are passed here. Indeed, California has already signed the California Consumer Privacy Act of 2018 (CCPA) into law, which will become operative on January 1, 2020. The full text of the CCPA can be viewed here.
TAKEAWAY: The protection of consumers’ personally identifiable information is extremely popular right now and companies cannot afford to overlook the new laws that are being passed in the U.S., the EU and elsewhere. The broad language in the GDPR can apply to companies even if they are not based in the EU. We recommend that companies take a close look at their data collection and storage procedures, their privacy policies and their agreements with consumers to ensure that they are on their way to becoming compliant with any privacy regulations that could affect them.