French privacy regulator fines Google €150,000

This post is in: January 23, 2014

France is among many EU countries seeking sanctions against Google for its privacy policy consolidation

The consolidation of Google’s many privacy policies into one comprehensive privacy policy in March 2012 has drawn very critical attention by privacy regulators in Europe. The working group composed of all EU Data Protection Authorities scrutinized the new policy and determined that it does not comply with the EU regulatory framework for data protection. The regulators made a number of recommendations regarding the new privacy policy, which Google declined to implement. Six of the national data protection regulators referred to matter to their enforcement agencies, including France’s CNIL (Commission nationale de l'informatique et des libertés).

The CNIL Sanctions Committee has imposed a record €150,000 penalty on Google, citing the following reasons:

On the substance of the case, the Sanctions Committee did not challenge the legitimacy of the simplification objective pursued by the company’s merging of its privacy policies.

Yet, it considers that the conditions under which this single policy is implemented are contrary to several legal requirements:

  • The company does not sufficiently inform its users of the conditions in which their personal data are processed, nor of the purposes of this processing. They may therefore neither understand the purposes for which their data are collected, which are not specific as the law requires, nor the ambit of the data collected through the different services concerned. Consequently, they are not able to exercise their rights, in particular their right of access, objection or deletion.
  • The company does not comply with its obligation to obtain user consent prior to the storage of cookies on their terminals.
  • It fails to define retention periods applicable to the data which it processes.
  • Finally, it permits itself to combine all the data it collects about its users across all of its services without any legal basis.

It has been reported that Google has filed an appeal of the decision with the Council of State, the supreme court for administrative matters.