European states take aim at Google privacy

EUROPEAN regulators moved a step closer to penalising Google for the way it handles user data yesterday after the search engine refused to change its privacy policy.

The UK, France, Germany, Italy, the Netherlands, and Spain said they had begun a process to decide if Google’s policy introduced in March 2012 broke national laws.

Google consolidated 60 privacy policies into one last year and started combining data collected on individual users across its services, such as YouTube, Gmail and social network Google+. It gave the users no means to opt out.

Twenty-nine European data protection regulators began a joint enquiry as a result.

The enquiry, led by France’s CNIL, found in October that Google’s new policy posed a “high risk” to the privacy of individuals, although it stopped short of declaring it illegal.

The regulators gave Google until February to propose changes but the search engine did not make any after a 19 March meeting with national regulators. “Regulators in six states have begun the process of looking at penalties, and each must now act based on national law,” said Isabelle Falque-Pierrotin, CNIL’s president.

“We have put in place a countdown for Google now. Promises to change will no longer be enough.”

The six states have the power to impose fines on Google, said Falque-Pierrotin, but each must go through a local inquiry to determine that a wrong had been committed under national law even after the European joint position published in October.

Google said it would continue to cooperate with European regulators.