Google isn’t proceeding quickly enough with its own proposals to improve its user privacy policies in Europe, so six European Union nations are planning their next steps, which could mean hefty fines and deeper investigations into Google’s actions.
That’s the position of a European task force being led by France’s National Commission for Computing and Civil Liberties (CNIL), which has been waiting since last October for a response from Google on how the search giant would make privacy improvements to protect users of its online services.
Google, according to the CNIL, still “has not implemented any significant compliance measures,” the group said in a statement. Involved in the case are consumer protection authorities from France, Germany, Italy, the Netherlands, Spain and the United Kingdom. And the time for continued waiting by the authorities is apparently over.
“It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation,” said the statement. “Consequently, all the authorities composing the task force have launched actions on 2 April 2013 on the basis of the provisions laid down in their respective national legislation (investigations, inspections, etc.). In particular, the CNIL notified Google of the initiation of an inspection procedure and that it had set up an international administrative cooperation procedure with its counterparts in the task force.”
The CNIL’s mission is to ensure that “information technology remains at the service of citizens, and does not jeopardize human identity or breach human rights, privacy or individual or public liberties.”
Google could potentially be fined about $1 billion for shortcomings in its data privacy policies in Europe, according to an earlier eWEEK story.
One of the key issues arising in Europe surrounds Google’s handling of personal user data. Google “has been combining data from across its sites so it can improve the way it tailors its advertising to individuals,” according to a Feb. 19 story by The Daily Mail. That sharing of data is one of the main reasons for the controversy abroad.
Google’s privacy policies have been particularly criticized in Europe. In October 2012, the EU issued a report saying that Google wasn’t being clear enough about how it uses consumer data it collects.
Privacy issues surrounding Google and its use of consumer data have been on the minds of regulators in Europe and the United States for some time.
In January 2012, Google announced major changes to its data privacy policies, which folded 60 of its 70 previously separate product privacy policies under one blanket policy and broke down the identity barriers between some of its services to accommodate its then-new Google+ social network, according to an earlier eWEEK report. Google’s streamlining came as regulators continued to criticize Google, Facebook and other Web service providers for offering long-winded and legally gnarled privacy protocols. The Google privacy policy changes went into effect March 1, 2012.
The biggest change that was enacted concerned Google’s user accounts. When users are signed in, Google may combine identity information users provided from one service with information from other services. The goal is to treat each user as one individual across all Google products, such as Gmail, Google Docs, YouTube and other Web services.
Google claims this will lead to a simpler user experience, but it will also make it impossible for users to opt out of having their identities applied to dozens of Websites they might not have agreed to use.
In May 2012, French regulators accused Google of not being cooperative with investigators looking into privacy issues concerning the company and its practices there. A French regulatory agency said it had sent Google a questionnaire about the new privacy policy in March 2012, and that Google’s answers, which were received last April, were “often incomplete or approximate.” A follow-up survey also left questions remaining.