Twitter Logo Youtube Circle Icon LinkedIn Icon

The Legal 500 Hall of Fame Icon The Legal 500 Hall of Fame highlights individuals who have received constant praise by their clients for continued excellence. The Hall of Fame highlights, to clients, the law firm partners who are at the pinnacle of the profession. In Europe, Middle East and Africa, the criteria for entry is to have been recognised by The Legal 500 as one of the elite leading lawyers for seven consecutive years. These partners are highlighted below and throughout the editorial.
Click here for more details

Malta > Legal Developments > Law firm and leading lawyer rankings


Google hit with €50 Million fine over GDPR Violation

On the 25th May 2018, the same day on which the General Data Protection Regulation (“GDPR”) came into effect, complaints were filed against Google by two groups which advocate for privacy rights. The complaints were filed in France with the French data protection authority, the National Commission on Informatics and Liberty (“CNIL”). The complaints alleged that Google did not have a valid legal basis to process user data for the purpose of ad personalization.

The GDPR sets up a one-stop-shop mechanism which provides for the coordination of data protection authorities within the EU. In this case, Google’s European headquarters are situated in Ireland and the CNIL had to assess whether it was competent to deal with the complaints. It was established that Irish data protection authority did not have "decision-making powers" over Google's Android operating system and Google's services and thus CNIL was competent to take any decision regarding processing operations carried out by Google.

In its statement, CNIL held that Google was in violation of the obligation of transparency and information since users are not able to fully understand the extent of the data processing operations to which their personal data is subject. This is mainly due to generic and vague descriptions of the purposes for data processing as well as lack of information with regards to retention periods for some data. The current processing operations do not allow a user to be aware of the plurality of websites and applications (Google search, You Tube, Google Maps, Playstore etc.) and the amount of data processed and combined. CNIL also ruled that Google is not seeking clear, specific and unambiguous consent for all the different ways it processes data and contrary to the GDPR, pre-ticked consent boxes are used by Google.

CNIL fined Google €50 million - the largest GDPR penalty levied against a US Company to date. Although the fine may seem high, it is not exorbitant when compared to the fact that the GDPR allows a company to be fined a maximum of 4 percent of its annual global turnover, and Google’s earnings in the third quarter of 2018 alone amounted to $33.74 billion.

For further information about how GVZH Advocates can help you with your data protection legal requirements, kindly contact us on

Interview with...

Law firm partners and practice heads explain how their firms are adapting to clients' changing needs

International Law Firm Networks

International comparative guides

Giving the in-house community greater insight to the law and regulations in different jurisdictions.

Select Practice Area

GC Powerlist -

International Law Firm Networks