Google Sheridan Co Information Commissioner's Office

As six EU countries target Google over its data policy - should the search giant and the rest of us be nervous?


By Stephen Lepitak, -

April 4, 2013 | 6 min read

The power of Google is mighty, but even it might have reason for concern as it faces legal action from six different countries across the EU over changes made to its privacy policy.

Last month, Google missed the four month deadline to alter its data policy after a ruling by a European Commission that Google’s decision to merge its data services went against the EU’s Article 29 Data Protection Working Party.

The reasons for the search giant’s failure to comply were found to be that it had not informed its users how their personal data would be used, that it did not allow users to adequately control how the company uses their data, and it did not say how long it would hold the data for.

Google’s stance in not offering a response indicates that it is positive that it will emerge triumphant, although that confidence was perhaps shaken this week when its current privacy officer, Alma Whitten, announced that she was to step down in June after three years.

The data battle between Google and the Information Commissioner’s Office (ICO) of the UK, the Commission nationale de l'informatique et des libertés (CNIL) from France and other data protection authorities from Italy, Spain, the Netherlands and Germany will certainly be one to watch.

A Google spokesperson said in a statement over the situation: “Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the Data Protection Authorities (DPAs) involved throughout this process, and we’ll continue to do so going forward."

However Eitan Jankelewitz, a lawyer with legal firm Sheridan’s who specialises in online, said that he believed that Google’s data use failed to comply with EU law, and therefore the DPAs were obligated to act.

He added that the maximum fine that Google may face for UK data protection breaches would be limited to £500,000, which would be unlikely to upset the company’s chief financial officer’s lunch should that decision arise.

However, proposals have been put forward by the European Commission that the maximum fine be altered to two per cent of the global turnover of companies who are found to be in breach of the regulations, which would escalate the situation to possibly reach hundreds of millions of euros. That might mean the chief financial officer skips lunch altogether that day. Such changes could be in place by as early as this year, should they take effect.

“The question that the Google / EU case now raises is to what extent consumers understand the value of their personal data, what platforms do with that data, and that the same data is their ‘cost of entry’ to ‘free’ platforms and services such as Google and Facebook,” commented Craig Le Grice, global technology, digital and strategy leader for Aegis.

“Ultimately, Google - and those like it - is abiding by the terms and conditions that it has ‘agreed’ with its users. The issue I see is that 99.99 per cent of all consumers ‘agreeing’ to such terms and conditions have no real grasp of what they mean. Consumers have the legal (and moral, arguably) right to know how their information will be saved and what the data collector will then do with it. Because of the complexity of terms and conditions, they currently don't,” Le Grice added.

That level of transparency is perhaps a pipe-dream, and certainly there seems to be little ground swell among the wider populace over what happens with their personal data, until it actually becomes apparent to them in an intrusive and unauthorised manner.

Larry Kim, founder and chief technology officer for US-based search marketing software provider WordStream, admitted to knowing little about EU privacy concerns, but put the situation into a global perspective: “In general Europeans might be better off embracing the notion that online privacy doesn’t exist. My golden rule of online privacy is to treat anything you put online as being public as opposed to relying on the privacy policies of various companies.”

So what does this all mean for Google and for companies around the world who now trade and feed on the personal data supplied by internet users the world over? Should we all be watching this situation unfold with bated breath, or will the collective apathy of the general public likely mean that the decision goes unnoticed? Unfortunately, It’s hard to believe the latter would not be the case.

“The results of these investigations are likely to force Google to improve the transparency and accessibility of data as well as the ease of understanding what personal data is collected and how it is used,” stated Mark Little, principal consumer analyst at Ovum. “However as the countries involved in the Article 29 working party pursue the investigation, they may have to address Article 20 of new proposals for the General Data Protection Regulation that adds additional safeguards to the individual's right ‘not to be subject to a measure based on profiling’. Targeted advertising might be seen to be one such measure, but enabling the user to opt-out of profiling would be a severe disruption to Google’s bread and butter advertising model and have ongoing ramifications for the internet economy as a whole.”

However this unfolds, the importance of data is undeniable. What happens to Google will have an effect on the world in some respect, one way or another.

Read the thoughts of Lewis Blackwell,former worldwide creative head of Getty Images, about the innovation taking place around data gathering techniques in his latest blog for The Drum.

Google Sheridan Co Information Commissioner's Office

More from Google

View all


Industry insights

View all
Add your own content +