France’s top administrative court, the Council of State, on Friday upheld an order that requires tech giant Google pay 50 million euros ($56 million) for violating European Union rules on data privacy. 

The fine was first imposed in January 2019, after Google was found by French regulator CNIL to be lacking transparency in how it handles personal data. The decision was based on a 2018 European Union data privacy law, the General Data Protection Regulation (GDPR). The law allows regulators to slap fines of up to 4% of global revenue on companies violating European data privacy regulations. In response to the decision, Google then filed an appeal to the Council of State.

The Council of State said Google has used “particularly intrusive” data collection methods. The court said the company “has not provided sufficiently clear and transparent information to users of the Android operating system and has not enabled them to give free and informed consent to the processing of their personal data for the purpose of personalizing advertisements.”

The California-based tech giant has vowed to make changes to help users better “understand and control how their data is used.”

Google is also currently undergoing investigation in Ireland, due to concerns of how the company handles location data of users. Ireland’s Data Protection Commission, based in Dublin, is investigating issues regarding the “legality of Google’s processing of location data and the transparency surrounding that processing,” according to the Commission. 

Google said in February that it "will cooperate fully with the office of the Data Protection Commission in its inquiry, and continue to work closely with regulators and consumer associations across Europe." 

Google also announced in February it would move user accounts and data of British users from the EU to the U.S. This move would circumvent the GDPR restrictions and allow British law enforcement to better collect user data for criminal investigations.