March 29, 2024

Google to Face National Regulators Over Privacy Policy

Data protection agencies in Britain, Germany, Italy, Spain and the Netherlands said Tuesday that they were moving to take action against Google over the policy, which the company introduced last year. They joined the French regulator, which had initiated a European Union inquiry on behalf of its counterparts across the 27-nation bloc.

While the regulators have repeatedly threatened the company with tough talk of a united front, the news Tuesday reflects the reality that privacy laws are fragmented across the Union, giving Google little incentive to yield.

Enforcement is a matter for national agencies, rather than Brussels, though the French data protection agency, — which is known by its French initials, C.N.I.L., said it would cooperate with the other countries as they step up their scrutiny.

The C.N.I.L., said it had “notified Google of the initiation of an inspection procedure,” the latest step in a drawn-out investigation that began more than a year ago, when the agency said it thought the company’s privacy policy violated E.U. law. Other agencies said they would conduct their own inquiries, building on the work of the C.N.I.L.

The Google privacy policy streamlined the individual practices that had been in place across more than 60 Google services, from its search engine to its online mapping operation to YouTube.

The company said at the time that this was necessary to provide clarity to users, and to improve its services.

But European regulators, led by the C.N.I.L., which was empowered to investigate on behalf of 27 individual E.U. regulators, complained that the company had been insufficiently forthcoming about its use of personal data, especially when the information was used across different services for purposes like advertising.

Last October, the heads of the 27 agencies wrote to Google’s chief executive, Larry Page, demanding changes in the policy. They asked the company to do so within four months or risk sanctions.

“After this period has expired, Google has not implemented any significant compliance measures,” the C.N.I.L. said in a statement.

Google has insisted that its use of data complied with E.U. law, and it stood by that position Tuesday. “We have engaged fully with the data protection authorities involved throughout this process, and we’ll continue to do so going forward,” the company said.

Each of the national regulators now investigating Google has different procedures and enforcement powers.

In France, for example, the C.N.I.L. can fine privacy violators up to €300,000, or about $390,000 — a drop in the bucket for a global giant like Google. In some countries, regulators can bring criminal complaints; in others they cannot.

The European Commission, led by its vice president, Viviane Reding, has been pushing for an overhaul of the bloc’s privacy laws, under which data protection would be centrally regulated across the 27 countries. But the idea faces opposition from some member states.

The announcement Tuesday means the investigations into the privacy policy could continue for months, during which time Google could continue to keep the system in place.

“It is essential regulators find a sanction that is not just a slap on the wrists and will make Google think twice before it ignores consumer rights again,” Nick Pickles, director of Big Brother Watch, a privacy advocacy group in Britain.

Meanwhile, Google this week announced plans to replace its director of privacy for product and engineering, Alma Whitten, who helped create the privacy policy. Lawrence You, who helped start the team, will take over.

The privacy team at Google, which has 350 employees, was started in 2010 after two major privacy blunders at the company involving improper data collection by Street View cars and Buzz, an ill-fated social networking tool.

The employees do things like coach Google engineers on adding more privacy-friendly features to products, build tools like dashboards for Google users to control how their information is shared and make it more difficult for hackers to break into Gmail accounts.

The company said that Ms. Whitten’s retirement, though she is in her 40s, had been planned and was unrelated to the E.U. news.

“Alma has done so much to improve our products and protect our users,” Chris Gaither, a Google spokesman, said in a statement. “The privacy and security teams, and everyone else at Google, will continue this hard work to ensure that our users’ data is kept safe and secure.”

Claire Cain Miller contributed reporting from San Francisco.

Article source: http://www.nytimes.com/2013/04/03/technology/google-to-face-national-regulators-over-privacy-policy.html?partner=rss&emc=rss

Speak Your Mind