Google will meet with France’s data protection watchdog next week to answer questions about its new user privacy policy as part of a Europe-wide investigation.
France’s Commission Nationale de l’Informatique (CNIL) is examining Google’s approach to privacy on behalf of data protection regulators of the 27 European Union member states to determine if it conforms with European law.
The CNIL review could lead to financial penalties or administrative sanctions for the US search giant, but it is not clear whether they would be imposed collectively or if individual states would seek their own fines.
The CNIL can impose fines of up to €300,000, and other European regulators can levy higher penalties.
“All options are on the table,” said CNIL president Isabelle Falque-Pierrotin said. “We are not totally satisfied with their responses so we have set up this meeting to discuss the issues with Google.”
Google has already provided a 94-page response to a CNIL questionnaire on the new policy, which took effect in March.
I don’t have a preconceived notion of whether Google’s privacy policy conforms with European law; we are examining that now
“We want to untangle the precise way that specific personal data is being used for individual services, and examine what the benefit for the consumer really is,” added Falque-Pierrotin.
Pooled policy
Under its new system, Google consolidated 60 privacy policies into one and pooled the data collected on users across its services, including YouTube, Gmail and its social network Google+.
Google says this allows it to better tailor search results and improve services for consumers, but users are not allowed to opt out.
The move was met with concern not only from Europe, but also from US lawmakers and regulators as far afield as Japan, Canada and Argentina.
Anthony House, a Google spokesman, said the company welcomed the meeting with the CNIL and was confident its privacy notices “respected the requirements of European data protection law”.
“The meeting will give us chance to put things into context and explain the broader actions we are taking to protect our users’ privacy,” he said.
After meeting with Google in next week, the CNIL will provide an update to the broader group of 27 European data protection regulators from Europe’s member states at a meeting set for early June.
Asked how long Europe’s review would take, Falque-Pierrotin said it depended on how the meeting with Google went. If the CNIL can reach a final analysis quickly, then it will present a final opinion to the broader group in June or a preliminary view to if more work was needed.
“I don’t have a preconceived notion of whether Google’s privacy policy conforms with European law; we are examining that now,” she said.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
