EU gives Google four months to amend privacy policy

TOUGH STANCE: The Google logo reflected on an eyeglasses of a computer user. The European Union data protection watchdogs has given the company four months to comply with its privacy policy or face disciplinary action. - Reuters

PARIS: Google has four months to make its privacy policy comply with requests from European Union data protection watchdogs or start facing the possibility of disciplinary action at a national level.

France’s Commission Nationale de l’Informatique, working on behalf of the EU’s 27 national data regulators, said on Tuesday it had found legal flaws with a new approach to user data that Google adopted in March.

Among CNIL’s concerns was the way the US group combines anonymous data from users’ browsing histories across its services to better target advertising.

That led the national regulators to issue 12 recommendations for Google to bring its privacy policy into line, including better informing users on how data will be used, and setting precise periods for data to be retained.

Google global privacy counsel Peter Fleischer said the company would examine the results of the investigation, adding it remained confident its privacy policy respected EU law.

CNIL president Isabelle Falque-Pierrotin said regulators were prepared to talk to Google, adding: “If Google does not conform in the allotted time, we will enter into the disciplinary phase.”

Google can either negotiate with the regulators and change elements of its privacy policy or challenge their authority to impose changes in court. The data protection watchdogs that examined the privacy policy cannot rule on the legality of Google’s approach since they are not a court of law.

Some national data protection regulators including those in Belgium, France and the Netherlands have, in the past, imposed fines on companies that have breached rules. Such sanctions cannot be imposed EU-wide.

When Google was found to have broken data protection rules after its Street View cars collected unauthorised data on public wifi networks in 2010, it faced dozens of separate cases.

In that episode, Google was fined 100,000 euros (RM400,000 at today’s exchange rate) by the French watchdog and the Netherlands threatened a 1mil euro (RM4mil) fine if it did not change its policy.

Google’s new approach to data, which consolidated 60 privacy policies into one, allows the pooling of information collected on individual users across its services, including YouTube, Gmail and the Google+ social network. Users cannot opt out.

Jacob Kohnstamm, the Dutch data protection boss and head of the working group of EU data protection regulators, said it was the first time regulators had cooperated on an investigation.

“Since internet companies know no borders, it is indispensable that data protection work together,” he said.

Chris Watson, a lawyer at CMS Cameron McKenna LLP, said: “How the case turns out will be an important test case of Europe’s ability to enforce its point of view on online privacy”. — Reuters

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights

Next In Tech News

Video gamers targeted in new wave of online scams
Chip crunch hits customers like ‘never’ before year into crisis
Esports talent in South Korea gets boost from big business, easing of gaming ban
Panasonic raises profit outlook 12% on share valuation gain
SG employment agency that suffered data breach says most stolen data is from fake profiles
Australia plans to make Google offer alternative search engines on smartphones
Sony ekes out 1% Q2 profit rise as PS5 costs squeeze margins
Apple suppliers committing to using 100% clean energy doubled
Tesla EV sales boom in Singapore, pushing rivals' models off the streets
Robinhood’s safety pitch collides with customer meme appetite

Others Also Read