Read this previous post for a recap of Google’s changes to its privacy policies in January 2013 and the reactions from U.S. and EU legislators, advocates and the public. The data protection authority in France (the National Commission for Computing and Civil Liberties, CNIL) has been investigating. Now, Gigaom reports that CNIL has fined the Internet services giant €150,000 ($204,000) over privacy violations.
Recall that Google has paid small fines (compared with Google’s earnings) for privacy scandals before. In April 2012, the Federal Communications Commission decided (redacted pdf) that it would not take enforcement action against the company over data collection and retention as part of its online mapping service, Street View, but it would fine Google $25,000 for impeding the agency’s investigation into the private data collected and retained via its Street View product. In March, Google reached a settlement (Connecticut pdf; archive pdf) with 38 states and the District of Columbia over the collection and retention of individuals’ personal data through its Street View product, but the company would only have to pay $7 million total and implement a privacy program.
In a statement on Wednesday, CNIL said Google’s merging of its various services’ privacy policies into a unified policy was in itself legal, but the way in which it implemented that unified policy was not legal. […]
The regulator also ordered Google to put a notice on google.fr over 2 days – within 8 days from today – about the decision.
“This publicity measure is justified by the extent of Google’s data collection, as well as by the necessity to inform the persons concerned who are not in a capacity to exercise their rights,” CNIL said.