The French have given Google what amounts to a privacy ultimatum. The company now has three months to make changes or “fixes” to its privacy policy that satisfy French and broader European data protection laws. The immediate consequences for failure to do so could be fines of several million euros
Many nations in Europe have lined up behind the French who are taking the lead in trying to get Google to offer more transparency to users about what data are being collected and how those data are being used. European privacy rules are much more stringent than those in the US.
The French data protection authority, France’s National Commission for Computing and Civil Liberties (CNIL), was quoted by Bloomberg asserting that Google’s relatively new consolidated privacy policy violates European data protection laws because it “prevents individuals from knowing how their personal data may be used and from controlling such use.”
Google has been adamant that its privacy policy complies with all data protection and privacy laws in Europe — and so far been unwilling to make any changes.
In March 2012, Google combined its many and varied privacy policies into one. Google argued the change benefited users by distilling a complicated and potentially contradictory array of policies into a simplified approach that was easier to understand. It also allowed Google to use data across its network for any purpose, including ad targeting or product development.
Late last year, CNIL and other countries in Europe sent a joint letter to Google outlining their various concerns and objections to its privacy policy. The major objections were that Google doesn’t tell users what data are being collected and for what purposes the data are being used. CNIL also says that the policy is overly broad and allows Google to effectively do anything it wants with user data.
The French want more disclosures to end users about data usage and retention times. CNIL also wants Google to request permission for the use of third party cookies tied to Google services and ad serving. Other European countries are in alignment with the French in this “joint enforcement” initiative.
Right now, the maximum fine that can be imposed by the French and other European countries in alignment with the French (UK, Germany, Spain and others) is “several million euros.” However there is a proposal being considered by the European Parliament to permit data protection authorities to “fine companies as much as 2 percent of yearly global sales for ‘intentionally or negligently’ violating” privacy rules according to the Bloomberg article.
Two percent of $46 billion (roughly Google’s 2012 revenue) would be $920 million.
Comments