The six largest European markets — France, Spain, Italy, the UK, the Netherlands and Germany — announced on Tuesday that they will take joint legal action against Google over its privacy policies. The action will involve an investigation and possible fines.
This follows the company’s decision last year to consolidate more than 70 privacy policies for products and services into one policy. Google also changed its terms of service agreement. Those actions prompted an initial investigation by the Article 29 Working Party, formed to advise the EU on data protection and the free movement of information on individuals.
France’s privacy authority, CNIL, led the investigation. The Office of the Data Protection Commissioner in Ireland, which was also looking into the impact of the changes, was not involved in the action against Google.
They Said, Google Said
CNIL says Google didn’t comply with the EU data protection authorities’ recommendations issued in October, and did not follow up after a meeting with representatives of the six countries now investigating the company. The authories are looking for more information from the company such as the kind of data it collects from users, how long it keeps that information, and what kinds of easy-to-use tools it can offer customers to help them protect ther privacy.
Punishment and Crime?
It’s up to the data protection authorities in each country to determine how to proceed, but possible penalties include fines and restrictions on Google’s EU operations, said David Jacobs, consumer protection fellow at the Electronic Privacy Information Center.
The EU could sue to block Google from operating in Europe. Currently the company has more than 95 percent of the search engine market in Europe, according to StatCounter.
“Technically, I guess Google could be banned from operating in these countries unless it makes required changes,” John Simpson with Consumer Watchdog, told TechNewsWorld. “Frankly, I don’t see that happening.”
When it comes to possible financial penalties, the UK could fine Google more than US$750,000 for breaching its laws, and CNIL could hit Google for about $385,000. In the UK alone, Google reportedly generated more than $4 billion in sales.
“The amounts are trivial for Google,” Simpson said. “Perhaps over the long term the bigger impact could be the constant drip, drip of privacy violations. If that goes on long enough, it might damage Google’s image in a way that hurts its business.”
It’s All About Business
A calclulated business move could be one explanation for Google letting the situation in the EU get to this point regarding user privacy.
“I think Google determined that the commercial benefit that it derived from combining user data from all of its products and services outweighed the expected loss from public backlash and enforcement actions,” Jacobs noted.
Google “sees the relatively minuscule fines they have faced as a mere cost of doing business,” Simpson said. “They violate your privacy, say it was a mistake, claim they care about privacy, occasionally pay a token fine, and carry on with business as usual until the next violation, when the cycle begins anew.”
What About the US?
It’s still unclear what kind of government action Google might face in the U.S.
“The U.S. has taken a much less active approach to Google [than the EU],” Jacobs told TechNewsWorld. “No action at the federal level has occurred, but state attorneys general have expressed concern and could still act. And there are private lawsuits that are still being litigated.”
A private class action suit against Google is pending in federal court in San Jose, Simpson said.