News that the U.S. National Security Agency under the Prism surveillance program secretly gathered user data from nine U.S. companies, including Google, to track people’s movements and contacts makes the timing especially sensitive for Google.
France’s data protection watchdog (CNIL) said Google had broken French law and gave it three months to change its privacy policies or risk a fine of up to 150,000 euros ($200,000).
Spain’s Data Protection Agency (AEPD) told Google it would be fined between 40,000 euros and 300,000 for five violations of the law, that it had failed to be clear about what it did with data, may be processing a “disproportionate” amount and holding onto it for an “undetermined or unjustified” period of time.
Google could face fines totaling several million euros.
“By the end of July, all the authorities within the (EU data protection) task force will have taken coercive action against Google,” said CNIL President Isabelle Falque-Pierrotin.
Last year, Google consolidated its 60 privacy policies into one and started combining data collected on individual users across its services, including YouTube, Gmail and social network Google+. It gave users no means to opt out.
National data protection regulators in Europe began a joint inquiry as a result. They gave Google until February to propose changes but it did not make any. Google had several meetings with the watchdogs and argued that combining its policies made it easier for users to understand.
The CNIL’s move is seen by legal experts and policymakers as a test of Europe’s ability to influence the behavior of international Internet companies. Read More