Data protection agencies in Britain, Germany, Italy, Spain and the Netherlands said on Tuesday that they were moving to take action against Google over the policy, which the company introduced last year. They joined the French regulator, which had initiated a European Union inquiry on behalf of its counterparts across the 27-nation bloc.
While the regulators have repeatedly threatened the company with tough talk of a united front, the news on Tuesday reflects the reality that privacy laws are fragmented across the European Union, giving Google little incentive to yield.
Enforcement is a matter for national agencies, rather than Brussels. But the French data protection agency, which is known by the initials C.N.I.L., said it would cooperate with the other countries as they step up their scrutiny.
The C.N.I.L. said it had “notified Google of the initiation of an inspection procedure,” the latest step in a drawn-out investigation that began more than a year ago, when the agency said it thought the company’s privacy policy violated European Union law. Other agencies said they would conduct their own inquiries, building on the work of the C.N.I.L.
The Google privacy policy streamlined the individual practices that had been in place across more than 60 Google services, from its search engine to its online mapping operation to YouTube.
The company said at the time that this was necessary to provide clarity to users, and to improve its services.
But European regulators, led by the C.N.I.L., said that the company had been insufficiently forthcoming about its use of personal data, especially when the information was used across different services for purposes like advertising.
Last October, the heads of the 27 regulatory agencies wrote to Google’s chief executive, Larry Page, demanding changes in the policy. They asked the company to do so within four months or risk sanctions.
“After this period has expired, Google has not implemented any significant compliance measures,” the C.N.I.L. said in a statement.
Google has insisted that its use of data complies with European Union law, and it stood by that position Tuesday. “We have engaged fully with the data protection authorities involved throughout this process, and we’ll continue to do so going forward,” the company said.
Each of the national regulators now investigating Google has different procedures and enforcement powers.
In France, for example, the C.N.I.L. can fine privacy violators up to 300,000 euros, or about $385,000 — a drop in the bucket for a global giant like Google. In some countries, regulators can bring criminal complaints; in others, they cannot.
The European Commission, led by its vice president, Viviane Reding, has been pushing for an overhaul of the bloc’s privacy laws, under which data protection would be centrally regulated. But the idea faces opposition from some member states.
The announcement on Tuesday means the investigations into the privacy policy could continue for months, during which time Google could continue to keep the system in place.
“It is essential regulators find a sanction that is not just a slap on the wrists and will make Google think twice before it ignores consumer rights again,” said Nick Pickles, director of Big Brother Watch, a privacy advocacy group in Britain.
Separately, Google this week announced plans to replace its director of privacy for product and engineering, Alma Whitten, who helped create the privacy policy. Lawrence You, who helped start the team, will take over.
The privacy team at Google, which has 350 employees, was started in 2010 after two privacy blunders at the company involving improper data collection by Street View cars and Buzz, an ill-fated social networking tool.
The privacy team does things like coach Google engineers on adding more privacy-friendly features to products, building tools like dashboards for Google users to control how their information is shared and making it more difficult for hackers to break into Gmail accounts.
The company said that the retirement of Ms. Whitten, who is in her 40s, had been planned and was unrelated to the European Union news.
“Alma has done so much to improve our products and protect our users,” Chris Gaither, a Google spokesman, said in a statement. “The privacy and security teams, and everyone else at Google, will continue this hard work to ensure that our users’ data is kept safe and secure.”
Claire Cain Miller contributed reporting.
Article source: http://www.nytimes.com/2013/04/03/technology/google-to-face-national-regulators-over-privacy-policy.html?partner=rss&emc=rss