France, Italy pile on privacy, data pressure on Google; fines likely

France, Italy pile on privacy, data pressure on Google; fines likely

Summary: France and Italy are set to gently grill Google over the European legal fire should it fail to change its merged privacy policy in the region. Other EU member states' privacy regulators are also less than pleased with the search giant.

Google's New York City headquarters. (Credit: ZDNet/CNET)

France's data protection agency has ordered Google to change its consolidated privacy policy, more than a year after the company merged 60 individual policies into one single document. 

In a press release issued Thursday, the Commission Nationale de l'Informatique et des Libertes (CNIL) said that following a year-long investigation, Google's data collection policies are in breach of French data protection and privacy laws. 

It comes more than half a year after European data protection and privacy regulators warned the search engine that its new privacy policy shows legal "irregularities" and may not be "in compliance" with European law.

Two of the biggest gripes the French have with Google's privacy policy practice is the "potentially unlimited combination of users' data" and the lack of definition for retention periods "that do not exceed the period necessary for the purposes for which they are collected."

Meanwhile, Italy's privacy watchdog asked Google for more information on how it treats user data, according to Reuters, shortly after the French watchdog's statement, sending a clear signal from two significant European economies.

The Italian authorities will evaluate a possible violation of data rules as it mulls over implementing similar financial sanctions.

Google said last year the privacy policy merger would make its products better, enhance the experience for users, while making advertisements more targeted allowing more specific and relevant ads for users. Privacy activists warned that it would be easier for Google and its advertisers to determine who was who, despite the anonymization, and warned of profiling.

Should the search giant fail to comply after the imposed three-month deadline, Google will face a fine of up to €150,000 ($198,000) and a second fine of up to €300,000 ($397,000) if the company fails to act.

But other data protection regulators around Europe, including the U.K. (which can serve a maximum £500,000 ($758,000) fine against a company), the Netherlands, Germany, Italy, and Spain are mulling over similar actions, the CNIL said.

Financial reprimands may not be enough for Google to change its mind. The two fines combined remains small change to Google. France's two fines alone would take the company less than 15 minutes to regenerate in revenue.

The search company continues to state that its privacy policy respects European law.

Topics: Google, Data Management

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Remember when MS was on track to be the First Trillion Dollar Company?

    They probably would have made it, too, if it hadn't been for stuff like this. But it comes with the territory and, in my view at least, stopping the dominance of MS have lead to great things, like the existence of Google and Apple at all.

    So, Google, stop being a douchey spyware company and start making products people actually like enough to pay you for and I think you, the EU, and indeed all of us will be a lot happier and better off.
    x I'm tc
  • These fines are a joke

    And serve as no deterrent at all for bad corporate behavior (not just by Google). They should be fined a percentage of their gross. That will make them sit up and take notice.