French Regulators Want More Information From Google

By Jeffrey Burt  |  Posted 2012-05-25

Google Again Clashing With Regulators Over Privacy

Google officials once again are being accused by regulators of not being cooperative with investigators looking into privacy issues concerning the dominant Web 2.0 company.

This time, the complaints are coming from Europe Union (EU), where a French agency taking the lead in the investigation over questions about Google€™s new privacy policy is saying that the search giant gave €œincomplete€ and €œapproximate€ answers to a questionnaire sent to it in March.

In a statement released May 23, France's CNIL (Commission Nationale de l'Informatique et des Libertés) said it had sent Google a questionnaire about the new privacy policy in March, and that the company sent back its answers in April.

€œThe CNIL welcomes Google's collaboration but regrets that the answers are often incomplete or approximate,€ the organization said.

The CNIL sent another questionnaire to Google May 22 in hopes of clarifying some questions, and met with Google representatives May 23. It has given Google until June 8 to answer the new questions.

European regulators are concerned about the privacy policy changes that Google announced in January and put into effect March 1. Essentially, Google did away with privacy rules for individual products like search, YouTube and Google Maps, and instead put in an umbrella policy that covered all 60 or so Google Web services. At the same time, Google also moved to bring in user information from all the services, creating large single-user profiles.

Google officials said the move would improve the quality of service. Critics disagreed, saying it was the latest step by Google to create better digital profiles of users in hopes of boosting its online ad business.

The European Union had asked Google to delay implementing the new policy until the questions raised by the CNIL had been answered. Google officials declined, stating that they were confident the policy adequately protected the privacy and rights of European citizens.

In a statement March 1, EU Justice Commissioner Viviane Reding said that it was €œunfortunate that Google has gone ahead with the new policy before addressing the French data protection authority's concerns. All companies that offer services to European consumers must provide their customers with clear information about their privacy policy. In Europe, consumers must be able to make informed decisions about using Internet-based services."

Now the CNIL is pushing Google executives to be more forthcoming in their answers. Given the current information, €œthe CNIL considers it impossible to know Google's processing of personal data, as well as the links between collected data, purposes and recipients, and that the obligation of information of the data subjects is not respected. The CNIL also notes that Google has not provided a maximum retention period for the data.€

CNIL officials said they are still concerned about the purpose and legality of Google€™s combining of personal data across services, and whether the opt-out procedures in place are a valid means for users to oppose Google€™s efforts.

French Regulators Want More Information From Google

€œFinally, Google has not provided a practical answer on the way the ePrivacy Directive is applied for Google's 'passive users,' i.e., the persons who use Google's services [advertising, analytics, +1 button] when they visit third-party Websites,€ CNIL officials said.

Once the organization has Google€™s new answers, it will present a report to the EU€™s Article 29 Working Party, which will decide how Google can bring the new policy into compliance. Google will get the determination by mid-July, the CNIL said.


The CNIL€™s letter about Google and its privacy policy comes less than a month after issues surrounding the search vendor€™s controversial Street View program flared up again in the United States. The Federal Communications Commission (FCC) on April 13 fined Google $25,000 for intentionally obstructing an investigation into the company€™s collecting of personal data from WiFi networks while conducting its Street View project between 2007 and 2010.

The FCC said in its report that it could not find any evidence of legal wrongdoing on the part of Google, in part because the company €œdeliberately impeded and delayed€ the commission€™s investigation by refusing to provide information and documents requested as part of the investigation. In addition, an unnamed Google engineer who created the software that collected the WiFi data did not testify at a deposition, instead invoking his Fifth Amendment right against self-incrimination.

Google executives disputed the FCC€™s claim, saying they €œprovided all the materials the regulators felt they needed to conclude their investigation, and we were not found to have violated any laws."

Google had claimed the collection of the personal WiFi data€”including passwords, emails and search histories€”was the work of a rogue engineer. But soon after the FCC fine, it was learned that the engineer, Marius Milner, had told at least two other Google employees that such €œpayload data€ was being collected.

The revelation renewed calls by privacy advocates and some politicians in both the United States and Europe to reopen the investigations into Google€™s Street View program.

Rocket Fuel