Tech Law

Google forced into disclosing fine by French privacy watchdog

By Mark Leiser |

February 12, 2014 | 6 min read

Google appears to have managed to avoid a costly fine in Europe where the Competition Commissioner Joaquín Almunia was investigating the company for antitrust practices related to its local Search business, after a third settlement offer was apparently accepted by the EU. However, due to the secrecy surrounding the event, several members of the European parliament (MEP) have already cast their doubts over the deal.

Visitors to the French site were greeted by a notice informing users that "the CNIL has fined Google €150,000 for violating the law on “information and freedoms,” said the notice. “The decision can be accessed at the following web address,” it said, providing a link.

France is not the only European country unhappy with Google’s approach to personal data management. Spain, the UK, Germany, Italy and Holland have all opened proceedings against the search engine giant. Uniform throughout every dispute is the belief that Google has breached data protection rules over how personal data is processed and stored.

In the UK, the Information Commissioner Office (ICO) has taken issue with the way that Google collects data across the various Google services like YouTube, Gmail and Google+. Previously each one of Google’s products and services had its own privacy policies, and in most cases there was an ability to opt out of the data collection that Google operated. However, last year Google streamlined all of their privacy policies into one policy without any opt-out provision.

The latest marketing news and insights straight to your inbox.

Get the best of The Drum by choosing from a series of great email briefings, whether that’s daily news, weekly recaps or deep dives into media or creativity.

Sign up

The French counterpart to the ICO, the CNIL (National Commission on Informatics and Liberty), is empowered with responsibilities for implementing the European Union’s data protection laws in France. The CNIL had originally demanded that the notice stay on Google’s home page for 48 hours, but after the links appeared; the CNIL website was overwhelmed with traffic and crashed with users trying to read the background story posted on the CNIL site.

Google had appealed against the CNIL fine and the sanction demanding that Google post a notice on the page. The Conseil d’Etat had ruled that there was not enough urgency to warrant a suspension of the sanctions. Effectively, Google could win the appeal after having to accept the sanction imposed by the CNIL.

“We’ve engaged fully with the CNIL throughout this process to explain our privacy policy and how it allows us to create simpler, more effective services,” a Google spokesman said. “We will comply with the order to post the notice, but we’ll also continue with our appeal before the Conseil d’Etat.”

"Throughout our talks with CNIL, we have explained our privacy policy and how it allows us to create simpler and more efficient services," he said.

CNIL argued that the 150,000 Euro fine was justified: “the company does not sufficiently inform its users about the conditions and purposes of processing data” and that “it does not set retention periods for all data process” and that “it allows, without any legal basis, the combination of all the data it collects about users across all of its services”.

This is not the first time Google has been slapped with a fine due to privacy disputes. In November 2013 , the company was fined $17m to settle its case with 37 American States after it circumvented the privacy settings in the Safari browser in order to place advertisement cookies.

Germany fined Google 145,000 euros for the systematic and illegal collection of personal data while it was creating its Street View service, calling on European lawmakers to increase fines for violating data protection.

The European Commission is in the process of developing new and tougher regulations on internet services that would force them to introduce more end-user control. The European proposal on data protection of 2012 (‘the proposed regulation’) is to replace Directive 95/46/EC of 1995 which is said to be outdated – in particular in regards to the way the internet helps contribute to the mass collection of personal and sensitive data. Some notable provisions of the proposed regulation include: the definition of a ‘data subject’ (to mean an identified or identifiable person by means likely to be used); a strengthened ‘right to be forgotten’ (such that individuals can ask for their personal data to be deleted and where there are no legitimate grounds for retaining it, the data will be deleted); right of data portability; requirement for consent to be given explicitly by individuals when it is required for certain types of data processing.

Google made a $10.7bn profit in 2012.

Tech Law

More from Tech Law

View all


Industry insights

View all
Add your own content +