European regulators have long been displeased with Google's revised privacy policy that went into effect in 2012, and now a French watchdog is moving forward with sanctions today after the internet company failed to address privacy concerns. The Paris-based Commission nationale de l'informatique et des libertés (CNIL) said today in a statement that Google "has not complied with the requests laid down in the enforcement notice," and the chair of the commission will "designate a rapporteur for the purpose of initiating a formal procedure for imposing sanctions" — setting off what may be a months-long process. Google faces a maximum fine of €150,000 (about $198,300) for its first offense, but a source tells The Wall Street Journal that the agency is investigating whether it has the power to treat every French Google user as a separate infraction, multiplying that maximum fine by many times.
The CNIL completed its original investigation of Google's privacy practices in October 2012, requesting that the company heed the agency's recommendations to alter its policies. The privacy policy in question combined several dozen separate policies under one umbrella, allowing Google to take advantage of user data from its multiple different services at once. The CNIL, which led the investigation for the European Union, said that the combination of the policies violated the "fundamental rights and freedoms of the data subject," adding that Google should be more transparent about its policies and request permission from its users, among other recommendations.
Regulator says combined policy violates "fundamental rights and freedoms of the data subject."
After Google failed to take action, it was left to regulators across European Union member nations to decide how to punish the company. That led France in June to give Google a three month deadline to make changes. That deadline passed today. The CNIL says that Google contacted the agency yesterday to say that it believes its services are not covered by the French Data Protection Act.
The UK, Germany, Spain, Italy, and the Netherlands are all conducting similar investigations that could lead to fines. Ultimately, however, the regulators have little power to meaningfully punish Google, which represents a large, foreign internet company that wields great influence abroad. In the works is a new privacy law backed by the European Union would allow for punishments up to two percent of Google's international revenue.Google, for its part, has repeatedly said that "Our privacy policy respects European law" and "we have engaged fully with the authorities involved throughout this process, and we’ll continue to do so going forward."
