France's data protection watchdog has fined Alphabet's Google €50m for breaching European Union online privacy rules.
It is the biggest such penalty levied against a U.S. tech giant.
The French regulator said the world's biggest search engine lacked transparency and clarity in the way it informs users about its handling of personal data and failed to properly obtain their consent for personalised ads.
The EU's General Data Protection Regulation (GDPR), the biggest shake-up of data privacy laws in more than two decades, came into force in May.
It allows users to better control their personal data and gives regulators the power to impose fines of up to 4% of global revenue for violations.
"The amount decided, and the publicity of the fine, are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent," the CNIL said in a statement.
Google issued a statement saying that people "expect high standards of transparency and control from us".
"We’re deeply committed to meeting those expectations and the consent requirements of the GDPR," it said, adding that it was examining its next steps.
The CNIL decision follows complaints by two non-governmental organizations, None Of Your Business (noyb) and La Quadrature du Net (LQDN), which the regulator said had been mandated by 10,000 people to present the case.
The French authority, known for its stringent interpretation of privacy rules and for favouring a tough approach toward US Internet companies, sets a record with this penalty, which could reverberate in Silicon Valley.