Google faces potential fines over privacy policy in France, Spain

June 20, 2013

Data-protection officials in France and Spain are leading a Europe-wide push for Google to change parts of its privacy policy deemed to violate European data-protection laws.

The effort comes as Google faces several inquiries from European regulators about its consumer and business practices, and amid questions about its participation in the PRISM surveillance program operated by the U.S. government.

Spanish data-protection officials Thursday opened preliminary disciplinary action against Google over its privacy policy, and they could assess fines of more than $395,000 for five infractions.

That announcement followed a separate action from the French agency CNIL, which conducted a year-long investigation into whether Google adequately notifies its users about the amount of data it collects, how it uses that information and how long it stores the data. The agency also said that it would fine Google about $200,000 if it does not modify its policy within three months to include those disclosures. Officials asked the search engine giant to set reasonable limits for storage and get users’ permission to store “cookies” — bits of code used for tracking consumers’ Internet habits — on their devices.

Google said in a statement Thursday that its privacy policy “respects European law and allows us to create simpler, more effective services. We have engaged fully with the authorities involved throughout this process, and we’ll continue to do so going forward.”

Google’s current privacy policy, which folded 60 of its services under the same policy, has been in effect since March of last year. The move streamlined the company’s policies but also gave Google the ability to combine data collected from its signed-in users in new ways. European data-protection officials had asked the company to delay the updated policy last year to evaluate its effect on consumers, but Google moved ahead with its original timetable.

In its Thursday notice to the company, CNIL said that data-protection authorities from other countries — including Germany, Italy, the Netherlands and Britain — may pursue their own enforcement actions against Google.

The firm is already facing questions from the European Union’s antitrust regulators — who recently issued a preliminary ruling saying Google may have abused its dominance over the search industry — about whether it may have violated competition rules as part of deals it made through its Android mobile operating system. Ten global privacy regulators have also asked the company to provide more information on how it will deal with the privacy concerns surrounding its wearable computing headset, Google Glass.

The actions of the smaller data-protection agencies may put pressure on antitrust regulators to inflict a larger fine on Google, said Jeff Gould, president of the industry consortium Safe­Gov.org.

“Europeans are putting their foot down,” Gould said. “You see they’re now standing up for Europe’s right to have its own laws applied in its own territories.”

More tech news:

How Revlon turned around its business with I.T.

Samsung touts wide appeal, new products in glitzy event

Facebook announces video service for Instagram

Sign up today to receive #thecircuit, a daily roundup of the latest tech policy news from Washington and how it is shaping business, entertainment and science.

Hayley Tsukayama covers consumer technology for The Washington Post.
Comments
Show Comments
Most Read Business