France Imposes Record Fines on Google and Shein for Privacy Violations

In a landmark decision on September 4, 2025, France's data protection authority, CNIL, has imposed significant fines on tech giant Google and fashion retailer Shein for serious breaches of privacy regulations. These penalties mark one of the largest enforcement actions taken in the country's ongoing commitment to uphold data privacy standards.

Google faces a hefty fine totaling €150 million, while Shein sees a record penalty of €300 million—one of the largest fines ever issued to a fashion company. The fines are a direct response to both companies' inadequate handling of user data, particularly concerning consent for data collection and insufficient transparency in their privacy policies.

According to CNIL, Google significantly lacked in obtaining proper user consent for data tracking practices, which are critical under European regulations. Similarly, Shein was found to have violated privacy norms by using personal data without sufficient disclosure to its customers regarding their rights, leading to the severe financial repercussions imposed on the company.

In its statement, CNIL emphasized the importance of maintaining robust privacy practices, noting, "User data is a fundamental right that should be respected and protected by all companies operating within France." This action underlines the French authority's stringent approach to ensuring compliance with GDPR and related privacy legislation that came into effect a few years prior.

The fines are expected to serve as a deterrent to other companies regarding data handling practices, reinforcing the message that privacy violations will lead to serious consequences. With public awareness of privacy issues rising, both Google and Shein have pledged to enhance their data protection protocols moving forward, indicating potential reforms in their operational structures to meet statutory requirements better.

As privacy regulations continue to evolve, the CNIL's actions signal a proactive stance against non-compliance that could influence future enforcement actions within the EU. The fallout from these fines may also prompt discussions about the need for standardizing practices across multinational corporations operating in France and the broader region.