France’s National Data Protection Commission said Monday it has fined Google €50 million ($57 million) for violating provisions of the European Union’s new General Data Protection Regulation, or GDPR, which was enacted into law in May.

It marks the first penalty under the GDPR for a major U.S. tech firm, and could signal more are coming.

The move by the French watchdog comes after an investigation was launched in June right after the new laws went into effect. The CNIL said it fined Google “for lack of transparency, inadequate information and lack of valid consent” regarding ad personalization.

Consumers worldwide remember when the GDPR was enacted thanks to the flood of update-your-email requests to inboxes and new privacy policy update prompts that began appearing on websites. Among the provisions, the new law restricts how companies obtain and handle online data and information. Most prominent is the rule called “The Right To Be Forgotten,” which allows consumers to ask that their information be taken down and/or eliminated from databases. If companies do not comply, they face substantial fines.

Google said in a statement it is evaluating the decision.