The largest regulatory fine leveled against a company since the General Data Protection Regulation was enacted in May 2018 is poised to reshape business compliance practices across industries. In late January, CNIL fined a big-tech giant nearly $57 million, citing what the French data-protection regulator saw as failure to meet the core requirements of informed consent under GDPR. As the decision goes through appeal, the debate is far from settled about what constitutes informed consent in personal data collection. Nor will the scythe cut only the tallest grass. Read the full report.