France’s privacy watchdog, CNIL, has fined Google €150,000 for failing to conform to local law regarding tracking and storing user information.

CNIL has led pressure from privacy watchdogs throughout the region to get Google to rewrite its controversial 2012 privacy policy to align with EU data protection law.

The latest version of Google’s privacy policy introduced the practice of combining personal data from Google’s various online services, including YouTube, Gmail and Google Search.

Privacy groups are concerned that personal data is being stored in the US, reducing the control that European citizens have over their personal information.

These concerns have increased in the wake of claims by whistleblower Edward Snowden that US intelligence services have access to material stored in US-based cloud services.

In July 2013, the UK’s privacy watchdog joined data protection authorities in France, Spain, Germany, Italy and the Netherlands in demanding changes to Google’s privacy policy.

An investigation by the Information Commissioner’s Office (ICO) found that Google’s privacy policy raises serious questions about its compliance with the UK Data Protection Act.

EU recommendations

In February 2013, CNIL warned that Google could face could face a coordinated “repressive action” if it failed to comply with EU recommendations.

A set of 12 recommendations was adopted by 27 national regulators in October 2012 after a CNIL-led investigation into Google’s data collection practices.

The EU investigation began in March 2012, when Google started combining data from across its sites to better target advertising, which regulators see as “high-risk” to users’ privacy.

The new policy was implemented after the company combined 60 separate privacy policies into a single agreement, which raised privacy concerns on both sides of the Atlantic.

Google maintains that its privacy practices respect European laws.

“We have engaged fully with the authorities involved through this process, and we’ll continue to do so going forward,” it said in a statement.

Google fined for failure to comply

After Google failed to respond to the EU recommendations, CNIL issued a three-month deadline, which has now expired.

CNIL had demanded that Google specify what it is using personal data for, and how long it is held. It also wanted Google to let users opt out of having their data stored in a single location.

CNIL issued the fine for failure to comply and ordered Google to post the decision on its google.fr homepage for 48 hours within eight days of being officially notified of the ruling.

“The company does not sufficiently inform its users of the conditions in which their personal data are processed, nor of the purposes of this processing,” CNIL said in a statement.

A Google France spokesman told Reuters the company will take note of this decision and consider further action.

“Throughout our talks with CNIL, we have explained our privacy policy and how it allows us to create simpler and more efficient services,” he said.

Google could now face similar fines from other European countries unhappy about its privacy policy, but commentators point out the fines are small compared with Google’s earnings.

Although Spain could impose a fine of up to €1m or $1.4m, even this is small in comparison with the $10.7bn net profit that Google earned in 2012.

Via: computerweekly