Instead of facing one European investigation into its privacy policy, Google now has to contend with at least six of them.
Data protection agencies in Britain, Germany, Italy, Spain and the Netherlands said Tuesday that they were moving to take action against Google over the policy, which the company introduced last year. They joined the French regulator, which had initiated a European Union inquiry on behalf of its counterparts across the 27-nation bloc.
While the regulators have repeatedly threatened the company with tough talk of a united front, the news Tuesday reflects the reality that privacy laws are fragmented across the EU, giving Google little incentive to yield.
Enforcement is a matter for national agencies rather than Brussels, but the French data protection agency - which is known by the initials CNIL - said it would cooperate with the other countries as they step up their scrutiny.
The CNIL said it had "notified Google of the initiation of an inspection procedure," the latest step in an investigation that began more than a year ago, when the agency said it thought the company's privacy policy violated EU law. Other agencies said they would conduct their own inquiries, building on the work of the CNIL.
The Google privacy policy streamlined the individual practices that had been in place across more than 60 Google services, from its search engine to its online mapping operation to YouTube.
The company said at the time that this was necessary to provide clarity to users and to improve its services.
European regulators, led by the CNIL, said that the company had been insufficiently forthcoming about its use of personal data, especially when the information was used across different services for purposes such as advertising.
Last October the heads of the 27 regulatory agencies wrote to Google's chief executive, Larry Page, demanding changes in the policy. They asked the company to do so within four months or risk sanctions.
"After this period has expired, Google has not implemented any significant compliance measures," the CNIL said in a statement.
Google has insisted that its use of data complies with EU law, and it stood by that position Tuesday.
"We have engaged fully with the data protection authorities involved throughout this process, and we'll continue to do so going forward," the company said.
Each of the national regulators now investigating Google has different procedures and enforcement powers.
In France, for example, the CNIL can fine privacy violators up to 300,000 euros, or about $385,000 - a drop in the bucket for a global giant like Google. In some countries, regulators can bring criminal complaints; in others they cannot.
The European Commission, led by its vice president, Viviane Reding, has been pushing for an overhaul of the bloc's privacy laws, under which data protection would be centrally regulated, but the idea faces opposition from some member states.
The announcement Tuesday means the investigations into the privacy policy could continue for months, during which time Google could continue to keep the system in place.
"It is essential regulators find a sanction that is not just a slap on the wrists and will make Google think twice before it ignores consumer rights again," Nick Pickles, director of Big Brother Watch, a privacy advocacy group in Britain.
Meanwhile, Google this week announced plans to replace its director of privacy for product and engineering, Alma Whitten, who helped create the privacy policy. Lawrence You, who helped start the team, will take over.
The privacy team at Google, which has 350 employees, was started in 2010 after two privacy blunders at the company involving improper data collection by Street View cars and Buzz, an ill-fated social networking tool.
The employees do things such as coach Google engineers on adding more privacy-friendly features to products, build tools like dashboards for Google users to control how their information is shared and make it more difficult for hackers to break into Gmail accounts.
The company said that Whitten's retirement, though she is in her 40s, had been planned and was unrelated to the EU news.
"Alma has done so much to improve our products and protect our users," Chris Gaither, a Google spokesman, said in a statement. "The privacy and security teams, and everyone else at Google, will continue this hard work to ensure that our users' data is kept safe and secure."
© 2013, The New York Times News Service
No comments:
Post a Comment