“It’s so large that it’s going to take us a full week to push the notices out worldwide,” Peter Fleischer, Google’s global privacy counsel, told a data protection conference in Berlin on Monday.
The Alphabet Inc unit – which has faced its share of scrutiny by European privacy watchdogs – invested more than 500 human years, overcoming tens of thousands of bugs, looking at over 1,100 products and projects in light of the needed changes, according to Fleischer.
“We had to update, and this is the one that floors me, 12.5 million contracts” with, for example, companies that use Google’s analytic services, or its advertising services, said Fleischer. “This is not just to bring us into compliance, it’s also to help bring all of our business partners into compliance with their obligations.”
The pressure for compliance is increasing on companies using or processing EU personal data. Privacy regulators across the 28-nation block will from the end of the month get the powers for the first time to levy fines of as much as 4% of annual sales. Laws under the current EU rules vary from country to country, with some watchdogs not able to levy fines.
The new EU law puts the onus on companies processing data to obtain consent for doing so and imposes stricter curbs on how personal information is used. It’s not only companies though that are rushing to comply. EU nations too are under pressure, with so far only four countries – Germany, Austria, Slovakia, Sweden – having adapted their national rules to the new law. And even here, the European Commission said some of these changes still need fine-tuning.
“We don’t like to see any deviations which will go beyond the rules and spirit” of the rules, EU Justice Commissioner Vera Jourova said at the event, adding that eight countries will likely not be in compliance by the deadline. “Is it a disaster? It’s a matter of opinion, but I think it will not contribute to bringing certainty to member states.”
The Facebook Inc, Cambridge Analytica scandal shows why stricter rules are necessary, after the data of some 2.7 million people in Europe was misappropriated, she said.
With just 11 days to go until compliance should be in place, the commission is trying “to decrease the panic among the small- and medium-sized enterprises” and issuing advice to companies, said Jourova. “I will not lie, I do not expect all to be ready by May 25.” — Bloomberg