The French data-protection watchdog has slapped Google Inc. with a record €150,000 fine, alleging that the U.S. company’s handling of user data violates French privacy laws.
“The company does not sufficiently inform its users of the conditions in which their personal data are processed, nor of the purposes of this processing,” the watchdog, the Commission Nationale de l’Informatique et des Libertés, or CNIL, said Wednesday in a statement. “Consequently, they are not able to exercise their rights, in particular their right of access, objection or deletion.”
Google also failed to comply with its obligation to obtain user consent before storing cookies on their terminals, and to define retention periods applicable to the data which it processes, CNIL added.
The CNIL ordered the U.S. Internet giant to post a statement on the ruling on its French home page for at least 48 hours within the next eight days.
“We have engaged fully with the CNIL throughout this process to explain our privacy policy and how it allows us to create simpler, more effective services,” a Google spokesman said. “We will be reading this report closely to determine the next steps.”
France’s case against Google is the latest front in a broader war, as European authorities worry about the power a group of largely American companies has gained over the continent’s Internet economy.
Investigators and politicians from Brussels to Rome are looking at everything from Google’s search engine to how Apple Inc. decides what gets into its application store - and whether companies like those and Amazon.com Inc. are paying enough corporate tax.
The CNIL ruling comes less than a month after Spain fined - Germany, Italy, the Netherlands and the U.K. - are in the midst of parallel investigations into Google’s privacy practices that could lead to sanctions and fines.
In France, the CNIL launched in September a court-like proceeding against Google, the most aggressive step yet among a group of European regulators.
The €150,000 fine is the maximum data-protection penalty for first offenses, and the highest fine ever handed out by the CNIL.
“It is justified by the number and the seriousness of the breaches stated in the case,” said the CNIL.
At issue is a new privacy policy Google outlined in early 2012 allowing its various services—such as Gmail and YouTube - to share user data. Google has said the move simplified privacy controls for users. A number of regulators from EU countries say the move violates European privacy laws, in part by not being specific enough about what Google does with users’ data. But Google has always maintained that the company’s “privacy policy respects European law.”
Google has more at stake than just fines in the investigations. Smart use of user data across the Web is at the core of many Internet business models, often based on selling more targeted advertising to marketers who are fed up with the rising costs of TV commercials as well as the cheap ubiquity of plain Web banners.
(Published by The Wall Street Journal – January 8, 2014)