Forgot your password?
typodupeerror
EU Google Privacy

Google Fined By French Privacy Regulator 55

Posted by Unknown Lamer
from the clause-37c-google-owns-your-firstborn dept.
First time accepted submitter L-One-L-One writes "Following similar decisions in Spain and the Netherlands, Google was fined 150,000 euros by the French Data Protection authority today for breaching data protection legislation. This sanction follows a long inquiry triggered by Google's decision to change its privacy policy in March 2012. The authority notably considers that the new policy 'does not sufficiently inform its users of the conditions in which their personal data are processed, nor of the purposes of this processing,' and that Google combines 'all the data it collects about its users across all of its services without any legal basis.' While the fine may be barely noticeable for Google, the authority requires the search giant to publish this decision on Google's French homepage, google.fr for 48 hours within the next 8 days."
This discussion has been archived. No new comments can be posted.

Google Fined By French Privacy Regulator

Comments Filter:
  • Leaving aside the (also interesting) question of whether the law as written is a good or bad idea, the sanction doesn't seem to make any sense. Google changed its privacy policy in 2012, in a way that a French court finds doesn't comply with French law. As a result, they must 1) pay 150,000 euros; and 2) publicize a notice on google.fr for 48 hours. But after that, they can keep the offending policy? Seems like a strange law that you can just continue to ignore with a one-time sanction.

    • by Anonymous Coward

      Of course not. If Google continues their, now illegal, behavior, they will face ever increasing fines and eventually criminal charges.

      You did not seriously expect otherwise, did you ?

    • by s.petry (762400)
      Did you miss While the fine may be barely noticeable for Google, the authority requires the search giant to publish this decision on Google's French homepage, google.fr for 48 hours within the next 8 days? This means that the current politicians get a nice fat bonus check and everyone else gets the middle finger.
    • by pavon (30274)

      Yeah that was my reaction as well. The link has slightly more information, and seems to imply that the current policy may comply with French Law, but the way the change took place did not:

      On the substance of the case, the Sanctions Committee did not challenge the legitimacy of the simplification objective pursued by the company’s merging of its privacy policies.
      Yet, it considers that the conditions under which this single policy is implemented are contrary to several legal requirements:

      If that is true, then the change was a one time offense, and a one-time remedy is fitting. That said, I think the remedy ought to have included a "redo" of the policy change not just a fine; declare that Google's users may choose to be bound by either the old or new policy until Google enacts the change in a manner that is

    • by arielCo (995647) on Thursday January 09, 2014 @05:31PM (#45911181)

      They were ordered in June to comply with the French Data Protection Act within three months. Specifically, to:

      * Define specified and explicit purposes to allow users to understand practically the processing of their personal data;
      * Inform users by application of the provisions of Article 32 of the French Data Protection Act, in particular with regard to the purposes pursued by the controller of the processing implemented;
      * Define retention periods for the personal data processed that do not exceed the period necessary for the purposes for which they are collected;
      * Not proceed, without legal basis, with the potentially unlimited combination of users’ data;
      * Fairly collect and process passive users’ data, in particular with regard to data collected using the “Doubleclick” and “Analytics” cookies, “+1” buttons or any other Google service available on the visited page;
      * Inform users and then obtain their consent in particular before storing cookies in their terminal.

      Source [www.cnil.fr]

      • Inform users and then obtain their consent in particular before storing cookies in their terminal

        Can someone please name for me a single site that obtains my consent before storing cookies in my terminal?

        This is the worst kind of law: Written so that everyone is breaking it, and therefore can be selectively applied to anyone. The French regulators wanted to get some positive press at home by beating up on a big American company. Let's all wait patiently while they issue the thousands of fines to French companies violating this same law.

        • Re: (Score:2, Informative)

          by Anonymous Coward

          I can name you hundreds of sites. This is a law in the Netherlands also, and every Dutch site asks for your permission. Want to try one: www.volkskrant.nl (a Dutch newepaper). Isn't it great when your government actually cares about your privacy.

        • by lgw (121541)

          Can someone please name for me a single site that obtains my consent before storing cookies in my terminal?

          Bigcharts.com. A site that displays stock charts - you can configure the display, and when you hit "store settings" there's a pop-up explaining that they need to store a cookie for this purpose, and asking whether that would be OK.

          I always found that classy. And there's no technical reason not to - just acceptance and permissiveness by the user base.

        • by tlambert (566799)

          Inform users and then obtain their consent in particular before storing cookies in their terminal

          Can someone please name for me a single site that obtains my consent before storing cookies in my terminal?

          Google doesn't ask permission to store cookies because it does not use cookies.

        • Can someone please name for me a single site that obtains my consent before storing cookies in my terminal?

          Many sites started to do this recently (slashdot to name one), but I find this rather useless since most people have no clue about what a cookie really is. What matters is what google (and others) do with your data, speciffically with the help of 3rd party sites.

          This is the worst kind of law

          Yeah, you're right, let's do nothing instead... no, kidding, I find this fair and balanced, even though the fine

        • by Anonymous Coward

          Inform users and then obtain their consent in particular before storing cookies in their terminal

          Can someone please name for me a single site that obtains my consent before storing cookies in my terminal?

          Slashdot?

          Browsing as AC, and not choosing to click yes or no, for every page, there is a giant notice:

          Your Choice Regarding Cookies on this Site
          Cookies are important to the proper functioning of a site. To improve your experience, we use cookies to remember log-in details and provide secure log-in, collect statistics to optimize site functionality, and deliver content tailored to your interests. Click Agree and Proceed to accept cookies and go directly to the site or click on More Information to see detailed descriptions of the types of cookies and choose whether to accept certain cookies while on the site.

      • by davecb (6526)
        My company does all that as a matter of course, to meet Ontario law. Surely Google can! I mean, they're not stupid...
    • by Cochonou (576531) on Thursday January 09, 2014 @06:06PM (#45911507) Homepage
      By the letter of the law, the CNIL has a very specific status: this 150 000 € fine is the maximum they can impose.
      They can also impose up to 300 000 € fines in case of second offenses, so I as I understand it, Google could be fined again if they keep the offending policy. This would require a new deliberation of the CNIL. They just cannot impose a fine per day of non-compliance like a court would.
    • by sjames (1099)

      The notice was the part that didn't comply. Once they post the notice, they will be in compliance.

  • Why does this summery link to itself?

    I would expect google.fr [google.fr] to link to the French google homepage.
  • Sergey and Brin can scrape the spare change in the couch to pay this. Why would they care?

    • Holy shit, was there a massive scientific breakthrough at Google's anti-aging lab I missed?

  • Isn't France that country where "everything is allowed, unless strictly forbidden?" I'm fine with the notion Google didn't notify people enough, but why is unifying their data between services inherently illegal?
    • why is unifying their data between services inherently illegal?

      Seems like a backdoor to un-approve M&A arrangements after they've happened.

      "Yeah, that's fine for you to buy this other company. :wait: Oh, you can't share data from the new business unit with the rest of your company."

    • by hurfy (735314)

      I was hoping for an answer also.
      You agreed to give Google your data here and you agreed to give Google your info over there. That seems a legal basis to add the 2 to me.

      • This reasoning does not work (at least not everywhere)

        Let's take an example. We have some corporation that provide banking and medical insurance services (and giving good prices when using both).
        Are you really okay with them crossing both data to evaluate the risk with granting you a loan ? I'm not. They technically "own" both data.
        I'm okay is they ASK me about my health, that's a different thing. They could event ask me the permission to read medical files as long as I can reply "no".Nobody will force me t

    • by X-chan (782883)
      I'm not a specialist about laws so I could be wrong, but we do have a bunch of privacy laws which states quite explicitely what you can and can't do with the data you collected. Each database containing private data must be declared to the CNIL, stating what kind of info you're gathering, for which purpose, etc. So you just can't acquire and merge a bunch of databases without any kind of justification because their combination would be a much greater threat to privacy than both databases separated.
      • by duranaki (776224)
        Thanks for your comment, gave me something to look up: http://en.wikipedia.org/wiki/CNIL [wikipedia.org] :) I'm still unsure on the language of the complaint, but I suppose the privacy laws may specifically outlaw connecting separate databases without some legally defined justification, and Google hasn't provided a legal basis that would grant them an exclusion. Of course I'm no expert either, especially in the field of French law. I wish one of those reporters would flush out the specific violation in this area.
  • So long as there are no jail terms for execs, and the penalties remain (and they are) a fraction of what they made, Google will keep doing this.

    Remember what it says in the Google charter: "First, Be Evil".

  • ...so why not they tell The People (the users), exactly how their data is being used?
  • Someone at google HQ won't be having dessert with their lunch today.

It is much easier to suggest solutions when you know nothing about the problem.

Working...