French watchdog moves to fine Google over refusal to change privacy policy

France's data protection watchdog is pressing ahead with plans to fine Google for failing to adjust its new privacy policy to comply with the country's law.
Written by Liam Tung, Contributing Writer

France's data protection watchdog is moving ahead with sanctions against Google over its new privacy policy.

CNIL (the Commission Nationale de l'Informatique et des Libertés) said on Friday it had commenced formal procedures to sanction Google. The move comes after the search giant didn't meet a three-month deadline the regulator set earlier this year, under which Google was asked to adjust its privacy policy in order to bring it in line with French data protection laws.

Google implemented its new policy in March last year, clearing the way for the company to merge user data gathered from 60 of its services while not offering users any way to opt out of having its data merged and used for targeted advertising. The policy drew the attention of data protection authorities across Europe, with France launching an investigation on the day the new policy came into effect, saying in a letter to the company: "Our preliminary analysis shows that Google's new policy does not meet the requirements of the European Directive on Data Protection (95/46/CE)."

According to a statement by CNIL, Google responded to CNIL's request on the last day of the three-month deadline, and contested the watchdog's reasoning.

CNIL, which fined Google €100,000 in 2011 over its Street View gathering wi-fi data, can issue fines of up to €150,000. While it's a pittance for Google, the company is also facing similar enforcement action from regulators the UK, Germany, Italy, the Netherlands, and Spain.

The UK's Information Commissioner Office in July gave Google until 20 September to adjust its unified privacy policy or else face formal enforcement action. The watchdog can issue fines up to £500,000, while a separate probe by Spanish authorities could result in a €300,000 fine for the company is found to have breached local privacy laws. 

In CNIL's view, Google's policy prevents people from knowing how their data is used and doesn't offer any way to control how it's used. To remedy the shortcomings, it had ordered Google to give users a more detailed account of how data is used, data retention periods, and stall its plans to merge user data across services. 

ZDNet has asked Google for a comment on the story and will update the story if any is received.

More on this story

Editorial standards