Six EU states go to war against 'non-compliant' Google over privacy policy

Six EU states go to war against 'non-compliant' Google over privacy policy
Leading European watchdogs have banded together to start legal action against Google, after the internet search giant repeatedly refused to alter its privacy policy. The US company denies any wrongdoing.

France, the UK, Germany, Italy, the Netherlands and Spain accuse the internet giant of potentially violating EU citizens’ rights in its unified privacy policy it adopted just over a year ago, and ignoring demands to change it.

“Google has not implemented any significant compliance measures,” said a statement from France’s regulator CNIL, referring to a document in which the EU-wide data protection committee published last October, but has provoked no alterations to the text of the policy.

“It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation.”

The six bodies will now be able to impose fines numbering in the hundreds of thousands of Euros on Google, though more importantly they can also restrict it from collecting users’ data – a vital part of the search engine’s business model.

"We have put in place a countdown for Google now. Promises to change will no longer be enough," Isabelle Falque-Pierrotin, CNIL's president, told Reuters.

CNIL says the legal action followed an unsuccessful last-ditch negotiation with the company’s representatives on March 19, but Google does not believe it is breaking the law.

“Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the DPAs involved throughout this process, and we’ll continue to do so going forward," said a statement from a company spokesman.

Regulators have said that the new policy, which also unified the logins of any users of over 70 different services, allowed Google to collect a vast array of data and store it for an indeterminate amount of time, as well as combining it in ways that are not clarified to the user when they signed up. The watchdogs have called the data gathering “disproportionate”, and say that it poses a “high risk” to customers.

But before the regulating bodies can take any action, they will have to legally prove that Google is breaking the law, or at least has put itself in a position to do so, though Falque-Pierrotin has declared that significant evidence has already been gathered, an investigation will "not start from scratch”.

The European Commission is also in the process of developing new tough regulations on internet services that would force them to introduce more end-user control, such as the Right to be Forgotten (forcing the company to delete all traces of a user who has decided to quit a service) and penalize them up to 2 percent of annual global turnover if they refuse to do so. The policy, known as the General Data Protection Regulation, may be introduced as early as next year.