Google hasn’t provided “any precise and effective” responses to EU data-protection regulators’ recommendations, France’s National Commission for Computing and Civil Liberties, or CNIL, said in a statement today.
EU regulators “are determined to act and continue their investigations” and take “repressive action” by summer, CNIL said, without defining what that may entail. CNIL led the probe on behalf of the other EU privacy agencies.
Google, operator of the world’s largest search engine, faces privacy investigations by authorities around the world as it debuts new services and steps up competition with Facebook Inc. for users and advertisers. Google changed its system to create a uniform set of policies for more than 60 products last year, unleashing criticism from regulators and consumer advocates concerned it isn’t protecting data it collects.
Google also said it responded to the October letter on Jan. 8, listing changes already made to improve the privacy protections, and sought a meeting to discuss their findings. It said it hasn’t heard back.
CNIL spokeswomen didn’t immediately return calls and e-mails about Google’s response.
CNIL complained again about Google’s “unsatisfactory” responses to its queries in October, giving Google until this month to fix the policy. CNIL could levy fines should Google fail to comply, Chairwoman Isabelle Falque-Pierrotin said, calling it “probable” that other European agencies would pursue Google if it doesn’t address the issues.
CNIL’s fining powers pale in comparison with Google’s financial might. The company earned more than $10 billion last year and CNIL’s heaviest fine to date was 100,000 euros ($134,000) -- against Google in 2011 for breaches related to its Street View mapping service.
And while CNIL said today that other EU data-protection watchdogs could also pursue Google, not all of them have fining powers. Regulators in the U.K., Ireland and Austria, which is one that can’t levy financial penalties, said in October they would first see how Google reacts to the letter before considering any other actions.
EU Justice Commissioner Viviane Reding proposed changing the bloc’s almost 18-year-old data-protection rules and how they’re administered to toughen protections and make things simpler for companies, putting them under one regulator rather than potentially facing multiple inquiries on the same subject, as Google faced on Street View.
In the meantime, agencies are striving to coordinate actions to speak with one voice and minimize redundant efforts. CNIL’s work conducting one investigation into a Europe-wide question on Google and the letter signed by 27 European data protection authorities marks the first time this happened.