France Gives Google Three Months To Comply With Privacy Rules
France's data protection watchdog CNIL ordered Google on Thursday to change its privacy policy or face fines.
From February to October 2012, a taskforce led by the French National Commission on Computing and Freedom (CNIL) investigated into Google?s privacy policy with the aim of checking whether it met the requirements of the European data protection legislation. The investigation confirmed Google's breaches of the French Data Protection Act which, in practice, prevents individuals from knowing how their personal data may be used and from controlling such use. On the basis of its findings, published on 16 October 2012, the taskforce asked Google to implement its recommendations within four months.
CNIL claims that Google has not implemented any significant compliance measures so far.
CNIL's Chair has decided to give formal notice to Google, within three months, to define specified and explicit purposes to allow users to understand practically the processing of their personal data; inform users by application of the provisions of Article 32 of the French Data Protection Act, in particular with regard to the purposes pursued by the controller of the processing implemented; define retention periods for the personal data processed that do not exceed the period necessary for the purposes for which they are collected; not proceed, without legal basis, with the potentially unlimited combination of users' data; fairly collect and process passive users' data, in particular with regard to data collected using the "Doubleclick" and "Analytics" cookies, "+1" buttons or any other Google service available on the visited page and; inform users and then obtain their consent in particular before storing cookies in their terminal.
Google said it would continue to work with the authorities in France and elsewhere.
If Google does not comply with the formal notice at the end of the given time limit, CNIL?s Select Committee (formation restreinte), in charge of sanctioning breaches to the French Data Protection Act, may issue a sanction against the company. Google risks fines of up to 150,000 euros ($201,100) and a second of 300,000 euros - both very low considering Google's financial strengths.
The Data Protection Authorities from Germany, Italy, the Netherlands, Spain and the United Kingdom carry on their investigations under their respective national procedures and as part of an international administrative cooperation.
Google's privacy policy related to the Google Glass Project has also raised quetions.
Google Glass is a wearable computer project that is being developed and tested by Google. Google Glass includes an embedded camera, microphone, GPS, mini-screens and a touchpad on the side, with access to the Internet. This project has raised many concerns about its privacy and personal data protection implications. As a matter of fact, this device can be worn by an individual and used to film and record audio of other people.
Earlier this week, a global cooperation initiative has been launched by the Canadian Data Protection Authority, CNIL and several APEC members (Australia, New Zealand, Mexico,) has sent a letter to Google?s Chief Executive Office, Mr. Larry Page, in order to obtain clarifications on the functioning of Google Glass as well as clarification regarding their conformity to data protection legislations.
CNIL claims that Google has not implemented any significant compliance measures so far.
CNIL's Chair has decided to give formal notice to Google, within three months, to define specified and explicit purposes to allow users to understand practically the processing of their personal data; inform users by application of the provisions of Article 32 of the French Data Protection Act, in particular with regard to the purposes pursued by the controller of the processing implemented; define retention periods for the personal data processed that do not exceed the period necessary for the purposes for which they are collected; not proceed, without legal basis, with the potentially unlimited combination of users' data; fairly collect and process passive users' data, in particular with regard to data collected using the "Doubleclick" and "Analytics" cookies, "+1" buttons or any other Google service available on the visited page and; inform users and then obtain their consent in particular before storing cookies in their terminal.
Google said it would continue to work with the authorities in France and elsewhere.
If Google does not comply with the formal notice at the end of the given time limit, CNIL?s Select Committee (formation restreinte), in charge of sanctioning breaches to the French Data Protection Act, may issue a sanction against the company. Google risks fines of up to 150,000 euros ($201,100) and a second of 300,000 euros - both very low considering Google's financial strengths.
The Data Protection Authorities from Germany, Italy, the Netherlands, Spain and the United Kingdom carry on their investigations under their respective national procedures and as part of an international administrative cooperation.
Google's privacy policy related to the Google Glass Project has also raised quetions.
Google Glass is a wearable computer project that is being developed and tested by Google. Google Glass includes an embedded camera, microphone, GPS, mini-screens and a touchpad on the side, with access to the Internet. This project has raised many concerns about its privacy and personal data protection implications. As a matter of fact, this device can be worn by an individual and used to film and record audio of other people.
Earlier this week, a global cooperation initiative has been launched by the Canadian Data Protection Authority, CNIL and several APEC members (Australia, New Zealand, Mexico,) has sent a letter to Google?s Chief Executive Office, Mr. Larry Page, in order to obtain clarifications on the functioning of Google Glass as well as clarification regarding their conformity to data protection legislations.
