Last month, Google
was fined for violating French privacy rules with its “unified” privacy policy. The French National Commission for Computing and Civil Liberties (CNIL) had given Google and ultimatum to “fix” its privacy policy or be fined.
Generally speaking, CNIL objects to the lack of specific notice to consumers about how their data are being used. However, Google takes the position that it’s in full compliance with European privacy standards. It therefore declined to change anything to satisfy French regulators.
Making good on its threat, CNIL imposed the maximum available fine: 150,000 euros (roughly $203,000). CNIL stated that its “financial penalty is the highest which the Committee has issued until now.”
Another part of its administrative decision, CNIL required Google to post a statement on its French homepage that its privacy policy did not comply with French law:
The Sanctions Committee ordered Google Inc. to publish a communiqué on this decision on the website https://www.google.fr, during 48 hours, within eight days as of the notification of the decision. This publicity measure is justified by the extent of Google’s data collection, as well as by the necessity to inform the persons concerned who are not in a capacity to exercise their rights.
Google has now asked a French court to suspend this notification requirement while it appeals the CNIL decision and fine. According to the Wall Street Journal, Google told the court that the notice “would cause irreparable damage to Google’s reputation.”
Recognizing that its modest financial penalty would probably be meaningless to Google, CNIL audaciously decided to use the privacy statement to very publicly shame and punish Google. According to the WSJ article, CNIL also specified that the notification be in “Arial typeface no smaller than 13 points, just below the search buttons.”
It’s likely that the French court will agree that, during the period of the appeal, Google should not be required to post the notification.
Comments