Europe continues privacy tussle with Google
Six countries launch "coordinated and simultaneous enforcement actions" against the company over changes made to its privacy policy in 2012 that let Google combine personal data across multiple products.
- Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
Google's 2012 rewrite of its privacy policy, which gave the company the right to "combine personal information" across multiple products, is still ruffling feathers in Europe.
France's privacy watchdog, the Commission Nationale de l'Informatique et des Libertes (CNIL), said today that six European countries are launching "coordinated and simultaneous enforcement actions" because Google "has not implemented any significant compliance measures," despite a request for changes to the policy. The countries are France, Germany, Italy, the Netherlands, Spain, and the U.K.
It all dates back to early last year, when Google announced it would be rolling out a simpler privacy policy that would cover many of its different products and would, in some instances, "combine information you've provided from one service with information from other services."
The planned change raised concern in the U.S. Congress, prompted EU officials to ask Google to postpone the overhaul till its privacy implications could be examined, and led to lawsuits from the Electronic Privacy Information Center and the Center for Digital Democracy, among others.
In March 2012, the same month the new policy kicked in, the CNIL began an inquiry into the legality of the changes, and in October it asked Google to amend the policy within four months to better inform users on how their data would be used and set more precise limits on how long data would be retained, among other things.
This past February, the CNIL said Google would face a coordinated crackdown if it failed to adjust the policy. The CNIL said today that it met with representatives from Google on March 19 but that since that meeting "no change has been seen."
"It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation," the CNIL said in its statement today. "Consequently, all the authorities composing the taskforce have launched actions on 2 April 2013 on the basis of the provisions laid down in their respective national legislation."
The Wall Street Journal noted today that the enforcement actions on the part of the six countries could lead to millions of dollars in fines for Google but that "with a fragmented set of regulators across each country and efforts still in the works to draw up a unified European privacy law that could levy unified fines, it's unclear how coordinated the authorities can be -- or how powerful they can become in pushing changes at big companies like Google."
Google, for its part, has maintained that its privacy policy isn't illegal and that the company has consistently cooperated with investigators. A Google rep told CNET today that the company's privacy policy "respects European law and allows us to create simpler, more effective services. We have engaged fully with the DPAs [data-protection agencies] involved throughout this process, and we'll continue to do so going forward."