European Data Protection Authorities to Launch Enforcement Actions Against Google
Six European data protection authorities will conduct formal investigations of Google's new privacy policy, trying to force the company to overhaul practices.
Led by the French privacy watchdog CNIL, organizations in Britain, the Netherlands, Germany, Spain and Italy agreed Tuesday on the joint action, with the ultimate possibility of imposing fines or restrictions on operations across the entire 27-country European Union.
From March to October 2012, memmmbers of the Article 29 Working Party (A29WP), which brings together data protection authorities from across the European Union, investigated into Google's privacy policy with the aim of checking whether it met the requirements of the European Data Protection Directive (95/46/CE). CNIL's findings raised questions about the legality of Google's processing of personal data. In view of the findings, the EU Data protection authorities asked Google to comply with their recommendations within 4 months.
After this period has expired, Google has not implemented any significant compliance measures, according to CNIL.
On 19 March 2013, CNIL invited representatives of Google at their request to meet with the taskforce led by the CNIL and composed of data protection authorities of France, Germany, Italy, the Netherlands, Spain, and the United-Kingdom. Following this meeting, CNIL said that no change had been seen.
"It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation," CNIL said.
Consequently, all the authorities composing the taskforce have launched actions on 2 April 2013 on the basis of the provisions laid down in their respective national legislation (investigations, inspections, etc.)
In particular, the CNIL notified Google of the initiation of an inspection procedure and that it had set up an international administrative cooperation procedure with its counterparts in the taskforce.
Google says it merged its privacy policies in March 2012 for the sake of simplicity, and that the changes comply with European laws.
"Our privacy policy respects European law and allows us to create simpler, more effective services," Google said in a statement. "We have engaged fully with the DPAs involved throughout this process, and we'll continue to do so going forward."
The fines' financial impact on Google would be limited, at least for a company like Google. However, a successful legal action would hurt Google's image and could block its ability to collect such data until it addresses the regulators' concerns.
From March to October 2012, memmmbers of the Article 29 Working Party (A29WP), which brings together data protection authorities from across the European Union, investigated into Google's privacy policy with the aim of checking whether it met the requirements of the European Data Protection Directive (95/46/CE). CNIL's findings raised questions about the legality of Google's processing of personal data. In view of the findings, the EU Data protection authorities asked Google to comply with their recommendations within 4 months.
After this period has expired, Google has not implemented any significant compliance measures, according to CNIL.
On 19 March 2013, CNIL invited representatives of Google at their request to meet with the taskforce led by the CNIL and composed of data protection authorities of France, Germany, Italy, the Netherlands, Spain, and the United-Kingdom. Following this meeting, CNIL said that no change had been seen.
"It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation," CNIL said.
Consequently, all the authorities composing the taskforce have launched actions on 2 April 2013 on the basis of the provisions laid down in their respective national legislation (investigations, inspections, etc.)
In particular, the CNIL notified Google of the initiation of an inspection procedure and that it had set up an international administrative cooperation procedure with its counterparts in the taskforce.
Google says it merged its privacy policies in March 2012 for the sake of simplicity, and that the changes comply with European laws.
"Our privacy policy respects European law and allows us to create simpler, more effective services," Google said in a statement. "We have engaged fully with the DPAs involved throughout this process, and we'll continue to do so going forward."
The fines' financial impact on Google would be limited, at least for a company like Google. However, a successful legal action would hurt Google's image and could block its ability to collect such data until it addresses the regulators' concerns.