My Homepage

French could serve up fines to Google for privacy violation Security & Privacy

French could serve up fines to Google for privacy violation | Security & Privacy - CNET News

Google might face hundreds of thousands of dollars in fines in France for privacy violations. Small potatoes to the company, but the ruling could portend a more difficult relationship between Europe and Google.

On the day of Google's 15th birthday, French regulatory agency CNIL prepares to sanction the company.

French privacy watchdog CNIL said Friday that it plans to sanction Google following the search giant's refusal to implement privacy policy changes demanded by the group.

Google could owe France 150,000 euros ($202,755) for the violation, and then another 300,000 euros if it still refuses to comply three months after the first fine. However, CNIL has not ruled on what sanctions, if any, it will demand of the company. That news is expected sometime in the next week.

Not surprisingly, Google says that it's in compliance with the law. "Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the CNIL throughout this process, and we'll continue to do so going forward."

CNIL regulators disagreed with that assessment. "On the last day of the three-month time period given to Google, Inc., the company contested the reasoning followed by the CNIL, and notably the applicability of the French data protection law to the services used by residents in France," the agency wrote on its Web site.

The next step is for CNIL to appoint a rapporteur to initiate the possibility of sanctions, which could include the fines. CNIL is asking that Google:



Privacy experts are watching the case closely, because it could be the first in a new round of attempts by European governments to keep large American data-and-services companies like Google and Facebook in check with stricter enforcement of existing laws.

The case is important, said the Electronic Privacy Information Center's executive director, Marc Rotenberg, "because the changes that Google made to its privacy policies in March of 2012 were opposed by many people."

Rotenberg is referring to Google's unified privacy policy, which gave it the legal protection to share user data between its different services such as Gmail and YouTube, and is at the heart of the CNIL decision.

Sarah Downey, a privacy and law analyst with privacy-focused startup Abine, said that some of what CNIL is demanding is "very reasonable."

"Google should be able to answer how long they hold onto your data," she said.

Justin Brookman, the head of the Center for Democracy and Technology's Project on Consumer Privacy, said that Google is "probably more concerned about [Federal Trade Commission] enforcement than European regulator enforcement," noting that the company had to pay a $22 million fine for tracking cookie violations in Safari.

While Downey said that Google should be able to answer basic questions about what it's doing with your data, Brookman explained that Google might not know, and that could be part of why it's willing to take the hit from European regulators.

"From Google's perspective, they're probably not sure what they're going to do with the data right now. 'People trust us with the data, but we're going to do awesome things with it because we're Google.'"

Brookman did lament Google's lack of forthrightness in how long it keeps user data, echoing Downey, CNIL, and other privacy experts.

"It's ironic and hypocritical that Google wants to be able to talk about what's happening with the NSA, but they don't want to talk about what's happening with their own company," Downey said.

While Rotenberg said that it's important not to rush to conclusions on how CNIL will sanction Google, he did say that the situation has become more complex because of the National Security Agency spying.

"From the European perspective, [the NSA spying] is pretty much a nightmare because you worry about your commercial and confidential information becoming available to your international competitors," he said.

Even after CNIL makes a decision about what to do with Google, the company is not likely to stay out of regulators' crosshairs for long. One potential target, Rotenberg said, is Hummingbird, the company's new search engine algorithm.

"Hummingbird is completely a black box. They have no idea what it does; nobody has access to the code; and no one can evaluate it," he said.

"I'm not trying to gang up on Google here. But it's an enormous irony that they want more to be available, but are very private with their own data."

Also being discussed are what Downey described as "big changes" to the European Union's privacy rules. One of these, the hotly debated "right to be forgotten," would let you remove yourself from the Internet.

"It seems like Google is just going to keep getting in trouble," she said, but she doesn't think that potential changes will affect how the company handles user privacy.

"Will it change how Google does business? I don't see why it would," she said.

Senior writer Seth Rosenblatt covers Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.

Apple

Internet & Media

Politics and Law

Internet & Media

Security & Privacy

14kFacebook Likes

964Tweets

370Google Plus Shares

Like Us

Follow Us

Add Us

Subscribe

Download Now

Subscribe Now

Enter CNET's Home Smart Home Sweeps

Tell us which appliance you'd make smarter. Share your thoughts and you'll be entered to win the iRobot Roomba 790.
*No purchase necessary. See rules for details.

This website was created for free with Own-Free-Website.com. Would you also like to have your own website?
Sign up for free