Google Fined by French Agency over Privacy Policy

Google LabsAfter months of deliberation, a French privacy regulator has finally hit Google with a fine for violating the French Data Protection Act. The Commission Nationale de l’Informatique et des Libertes (CNIL) issued its highest penalty to date by fining Google €150,000, or about $200,000. Google must also post a message on its Google.fr homepage stating that its privacy policy is in violation of French law.

The decision by the CNIL is a response to a March, 2012 change to Google’s privacy policies in which policies for all of the company’s products were combined into one. User profiles across services such as Gmail, YouTube, Blogger, and more were also consolidated into one single profile.

This proved problematic in the view of the CNIL, which found that Google failed to protect user data in four ways. First, the company does not properly inform users of how their personal data is being handled. Second, it does not obtain user consent before storing cookies. Third, it does not define the retention periods for data it processes and, fourth, it permits itself to combine data across its services.

Google has run into problems with its data collection policies in Europe before and this isn’t the first time it has faced a fine. From a financial standpoint, the fine is no more than a slap on the wrist, so presumably Google has little reason to actually change its stance.

“We’ve engaged fully with the CNIL throughout this process to explain our privacy policy and how it allows us to create simpler, more effective services. We’ll be reading their report closely to determine next steps,” a Google spokesperson said.

TAGS: , , ,