Google faces fine from French data regulator

Friday 27 September 2013 17.44
Google faces probes across Europe over changes to harmonise privacy policies
Google faces probes across Europe over changes to harmonise privacy policies

Google faces a fine for failing to make changes to its privacy policies sought by French regulators.

Google informed France’s data-privacy regulator that it contested findings that its policies were not in compliance with national rules the country’s data protection watchdog known as CNIL, said.

In June, the regulator gave Google a three-month deadline to comply with the requested modifications.

Google faces probes across Europe over changes to harmonise privacy policies for more than 60 products last year.

Global data-protection regulators in June wrote to the Mountain View, California-based company urging Chief Executive Officer Larry Page to contact them about possible issues with its web-enabled eyeglasses, called Google Glass.

The data regulator will now appoint someone to start a formal sanctions procedure, CNIL said.

“Our privacy policy respects European law and allows us to create simpler, more effective services,” Al Verney, a Brussels-based spokesman for Google, said by phone. “We’ve engaged fully with CNIL throughout this process and will continue to do so going forward.”

CNIL can levy a maximum fine of €150,000, and €300,000 in case of a repeated offense, Isabelle Falque-Pierrotin, chairwoman of the French authority, said in June.

Other regulators may impose sanctions of up to €1 million, potentially exposing Google to “several million euros” of fines on top of damaging its image, she said.

The French data protection watchdog had ordered the company to spell out for users why it collects information “to understand practically the processing of their personal data,” better inform users of its privacy policy, and “define retention periods of personal data processed that do not exceed the period necessary for the purposes for which they are collected.”

Six European privacy regulators started “coordinated” enforcement actions in April over the company’s failure to address complaints about its new privacy policy.

A spokesman for Britain’s Information Commissioner’s Office said it is still reviewing Google’s response.

Data protection regulators from the 28-nation EU, that make up the so-called Article 29 Data Protection Working Party, wrote to Google Chief Executive Officer Larry Page last October, saying the company “empowers itself to collect vast amounts of personal data about Internet users” without demonstrating that this “collection was proportionate,” and asking the company to bring its policy in line with EU rules.