• Categories

  • Archives

    « Home

    Update: Five European Nations Join CNIL in Investigating Google’s Privacy Policies

    To recap: In January 2012, Google announced changes in its privacy policies that would affect users of its services, such as search, Gmail, Google+ and YouTube. Advocates and legislators questioned the changes, saying that there were privacy issues, and criticized (pdf) the Internet services giant for not including an opt-out provision. The critics included 36 U.S. state attorneys general, who wrote to (pdf) Google raising privacy and security questions about the announced privacy policy changes. The EU’s Article 29 Data Protection Working Party wrote to (pdf) to the online services giant about the privacy policy changes, which affect 60 Google services. The Working Party, which includes data protection authorities from all 27 European Union member states as well as the European Data Protection Supervisor, asked Google to halt implementation of these changes while the data protection authority in France (the National Commission for Computing and Civil Liberties, CNIL) investigates. Google refused and its new privacy policies went into effect in March 2012. The CNIL investigation has continued, with Google answering two questionnaires about its privacy policies from the authority. In October, the CNIL wrote (archive pdf) to Google to announce findings (archive pdf) from its investigation and recommendations for changes from the Internet services giant. The authority said that there are issues with Google’s privacy policies and it may violate European data-protection laws.

    Now, data protection authorities in Britain, Germany, Italy, Spain and the Netherlands have announced that they also will investigate Google’s privacy policies. The Associated Press reports that there is “the ultimate possibility of imposing fines or restrictions on operations across the entire 27-country European Union.”

    However, “The fines’ financial impact on Google Inc. would be limited — French privacy watchdog CNIL has the right to fine the company up to 300,000 euros ($385,000), approximately the amount it earns in three minutes, based on its projected revenue of $61 billion this year. Britain can fine up to 500,000 pounds, but rarely does.” Bloomberg News reports that “CNIL’s heaviest fine to date was 100,000 euros ($128,340) against Google in 2011 for breaches related to its Street View mapping service.”

    However, the investigation by the European authorities could affect Google’s business, the Associated Press reports: The six probes “could block [the search giant’s] ability to collect such data until it addresses the regulators’ concerns.”

    The New York Times reports that each data protection authority has different enforcement powers: “In some countries, regulators can bring criminal complaints; in others, they cannot.” Google told the newspaper, “We have engaged fully with the data protection authorities involved throughout this process, and we’ll continue to do so going forward.”

    Leave a Reply