July 11, 2012

Google, Europe And The CNIL

Michael Harper for - Your Universe Online

Fresh off a record-setting $22.5 million fine from the American FTC, Google now has to wait until September before hearing their fate from a European regulator. Though France´s Commission Nationale de l'Informatique (or CNIL) had originally expected to have made a decision about Google´s privacy policies in June, the data protection watchdog group now says they´ll have to wait until the fall. Google had taken a new approach to their privacy policies in March, allowing data gathered on one Google feature, such as Gmail, to be lumped together with data collected from other services, such as Google+ or YouTube. Google has only now responded to questions the CNIL asked of them months ago and now, the answers must be poured over.

"We just received answers to questions we put to the company in May, and we are studying them closely," said Isabelle Falque-Pierrotin, the director of the CNIL in a press-conference.

Once the CNIL has concluded their investigation, they will present their findings to the data regulators of the G29, which represent the 27 European Union Member States.

In the end, Google could end up paying up to $368,700 (300,000 euros) to the CNIL, though it´s not yet known if Google would pay one lump sum to the data protection group or if individual states would ask for their own fines.

Despite various government agencies asking them to wait, Google pushed ahead with their one-size-fits-all privacy policies in March, claiming the sweeping move makes things easier for users to read and understand. Under the new policies, any signed in user now has their data collected and shared from one Google product to another, without the option to keep this information private. Now, Maps records are kept with Gmail records, and Google searches are kept with Google+ accounts. The Mountain View company does claim, however, that any data shared with its web browser, Chrome, and mobile payments are kept separate and covered under different policies.

Though Google claims they do not sell any “personally identifiable” information to third parties, they are selling some of your information, without giving you the opportunity to opt out. This kind of sharing and possible violations made the data regulators of the G29 nervous, prompting their investigation.

Google is certainly no stranger to international privacy investigations. As they began to scour the globe in their camera-equipped rovers, the Google Maps Street View team collected more than pictures of roadways; They also collected private information, such as emails and various internet activity, from residents´ unlocked wireless networks. A court in Madrid, Spain, sued Google for this collection of data in 2010. Days later, Canada´s Office of the Privacy Commissioner said this collection of data was a serious violation of their nation´s privacy laws and asked them to tighten their policies, or else. Italy, too, became concerned with the Google Street View vehicles and declared that every vehicle be clearly marked and identified, lest they pay a $250,000 fine.

More recently, Google and the FTC recently came to a settlement agreement in a case concerning iPhone tracking. Bypassing Apple´s (and the user´s) privacy settings, Google enabled third-party cookies to keep tabs on which sites iPhone users were visiting. Pending approval, Google will have to pay the FTC $22.5 million and sign a 20-year decree to settle this most recent privacy violation.