E.U. Panel to Pressure Google on Privacy Rules

Share with others:


Print Email Read Later

BERLIN -- European data protection officials are drafting plans to censure Google over its online privacy policy if the company does not eventually meet regulators' demands to revise it.

In a two-day closed-door meeting this week in Brussels of the European Union's 27 national data protection officials, the group mapped a preliminary strategy, including the possibility of testing Google's compliance with national privacy laws in countries like Ireland, Belgium and Finland, where the company operates data centers. That was the word from a person close to the discussions, who was not authorized to speak publicly.

The group may issue a public statement next week on the matter.

New guidelines that Google adopted earlier this year for collecting information on individuals have come under sharp criticism in Europe.

In mid-October the French regulator, C.N.I.L., which had been asked by the group to study the matter, released a report criticizing Google's privacy guidelines as allowing an "uncontrolled combination of data."

C.N.I.L. said the method of combining information from Google's search engine, YouTube, Google+ social network and other services "suggests the absence of any limit concerning the scope of collection and the potential uses of the personal data."

When C.N.I.L. released its report, Google said it would study the analysis. But the company also asserted that its method of handling consumer data was legal under European Union rules. So far the company, which also ran afoul of European regulators in 2010 for its collection of personal data from home Wi-Fi routers, has not responded formally to the C.N.I.L. report.

On Friday, a Google spokesman in Brussels, Alistair Verney, referred to the company's previous statement in October, which said Google was reviewing the French recommendations.

"Our new privacy policy demonstrates our longstanding commitment to protecting our users' information and creating great products," the Google statement said at the time. "We are confident that our privacy notices respect European law."

When C.N.I.L. presented its analysis in October, the chairwoman of the French regulator, Isabelle Falque-Pierrotin, gave the search engine "three to four months" -- roughly until mid-February -- to respond to its recommendations.

Among other things, C.N.I.L. asked Google to heed European restrictions on mixing certain data and to heed Europe's rules for obtaining prior consent from consumers before collecting personal data.

Google users in Europe cannot use the search engine's services unless they agree to accept the company's privacy policy.

But C.N.I.L. argued in its review that the opt-in disclaimer, which is legal under United States law, was too broad. It also said consumers should be given clearer information and be allowed to individually authorize or reject the collection of certain kinds of data.

Google announced its new policy, which applies globally and was presented as a way to simplify the user experience, earlier this year.

The company made nearly all of its $37.9 billion in sales revenue in 2011 from Internet advertising, which relies in part on the collection and analysis of user data to produce ads aimed at individual consumers.

While European lawmakers coordinate European Union data protection from Brussels, privacy law is enforced on the national level.

That decentralization is the reason why regulators are considering taking action within a few nations -- most likely in countries where Google has physical operations and where national courts could be asked to enforce penalties.

But whether any actions, if they do eventually take place, result in anything other minor sanctions remains to be seen. In general, European national regulators are limited to only a few hundred thousand euros in the privacy-violation fines they can assess against companies or individuals.

A proposed update to European Union data protection law would give regulators the ability to assess much larger fines of as much as 2 percent of a company's annual sales -- which based on Google's financial performance would equate to $760 million, based on 2011 revenue of $37.9 billion.

But it is unclear how soon, if ever, those higher penalties will be adopted.

Another person with knowledge of the regulators' discussion this week emphasized that the group was still hoping Google would heed its recommendations and adapt its rules in Europe to conform with the Continent's restrictions on data mining.

"We still have a lot of time left before we come to this juncture," said another person with knowledge of the group's discussions, citing the spring deadline for Google's formal response. "Let's wait and see what happens."

interact

This article originally appeared in The New York Times.


Advertisement
Advertisement
Advertisement

You have 2 remaining free articles this month

Try unlimited digital access

If you are an existing subscriber,
link your account for free access. Start here

You’ve reached the limit of free articles this month.

To continue unlimited reading

If you are an existing subscriber,
link your account for free access. Start here