Google appeals €150,000 fine from French privacy watchdog over new policies

The appeal suspends an order obliging Google to explain to users of its French homepage why it has been fined

Google has lodged an appeal against the €150,000 (US$205,000) fine imposed by the French privacy watchdog, a company spokesman said Tuesday.

On Jan. 9, the French National Commission on Computing and Liberty (CNIL) fined Google for introducing new privacy policies breaching French data protection laws. It also ordered Google to post the decision against it on the homepage of google.fr within eight days of receiving formal notification of the ruling, and to keep the post up for 48 hours.

Google has appealed the ruling, a company spokesman said, declining to detail when and where the appeal was made, or on what grounds.

However, according to a report in French newspaper Le Figaro on Tuesday, the appeal was lodged on Monday with the Council of State, the supreme court for administrative matters. The company filed an appeal against the ruling on the merits of the case, and an urgent action seeking a suspension of the ruling, according to the report. That would be sufficient to spare it the embarrassment of reporting CNIL's fine on its site until after the Council has examined the case.

The Council's ruling could come as early as next week, according to Le Figaro. Such a rapid response would be in sharp contrast to the pace of the legal action against the company.

Google made the changes to its privacy policy in March 2012, replacing a policies covering a variety of products with one document allowing it to combine information about a person's usage of the different services into a single profile. Typically, such combinations of different sets of personal data are outlawed by French privacy law unless specifically authorized.

CNIL spent a year exchanging a series of increasingly frosty letters with the company before beginning its formal investigation of the new policy in April 2013.

In June, the Commission asked Google to explain to its users the ways in which data about them is used; to keep that data only for as long as is necessary for those uses; not to combine different data sources without prior approval; to obtain informed consent from users before saving cookies in their browsers, and to treat "passive" users of its services fairly, for example those who merely visit sites that carry DoubleClick or Analytics code, or Google +1 buttons.

Finally, in the face of Google's continued refusal to change the policy, CNIL imposed the maximum fine within its powers, €150,000. That's just over 0.01 percent of Google's annual revenue in France, according to a study by VRDCI, a French search optimization agency. If Google continues to offend, CNIL could impose a second fine of up to €300,000.

Google maintains that it has cooperated with CNIL. "We've engaged fully with the CNIL throughout this process to explain our privacy policy and how it allows us to create simpler, more effective services," the company said Tuesday, using the same formula with which it greeted the imposition of the fine last week.

The company faces fines or continuing legal action against its revised privacy policy in other European countries, where a number of data protection authorities agreed to take concerted action against the company.

Peter Sayer covers open source software, European intellectual property legislation and general technology breaking news for IDG News Service. Send comments and news tips to Peter at peter_sayer@idg.com.

Tags GooglesecurityregulationlegalFrench National Commission on Computing and Liberty (CNIL)governmentprivacy

More about DoubleClickGoogleIDG

Comments

Comments are now closed

Telstra to carry out Etihad Stadium tech upgrade

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
CIO
ARN
Techworld
CMO