Google Inc. and Facebook Inc. were criticized by German data protection regulators for “delay tactics” and “impertinent” behavior when responding to probes into their privacy policies.
Experience has shown that “Google will keep making attempts to delay investigations through continuous correspondence and always freshly packaged arguments,” Peter Schaar, Germany’s federal data protection commissioner, said in a report yesterday. Facebook was separately described earlier this month as having “impertinent” behavior by Thilo Weichert, the privacy regulator for the German state of Schleswig-Holstein.
Google and Facebook are among U.S. Internet companies under scrutiny in the European Union for possible privacy-rule violations over the use of consumers’ personal data.
Google, operator of the world’s largest search engine, faces investigations after it changed its privacy system to create a uniform set of policies for more than 60 products last year. Six data protection regulators started “coordinated” enforcement measures this month over the Mountain View, California-based company’s failure to fix complaints about the new system.
Google’s data protection policy “is in line with European law and allows us to develop simpler and more effective services,” the company said in an e-mailed statement. “We have acted in a cooperative way on this with all data protection commissioners involved and will also do so in the future.”
Facebook, which has its European base in Ireland, was subject to an audit by the Irish data-protection authority into privacy issues with its facial-recognition feature last year. That review pushed the owner of the biggest social-networking site to delete data identifying faces in users’ photos.
Germany’s Weichert said in a statement on April 19 that it’s “brash how Facebook is trying to take those who are politically responsible for fools” as it sought to increase traffic to its site and find “political and social acceptance.”
A German appeals court this week rejected a bid by Weichert’s agency to force Facebook to allow users to register under pseudonyms. The Menlo Park, California-based company said the court recognized that Facebook’s European operations are supervised by the Irish data protection regulator.
“We’re seeking to have a constructive dialogue with all groups, also with our greatest critics,” Facebook said in a statement. “Dialogue means: one shouldn’t just talk about Facebook, but also with Facebook.”
Microsoft Corp.’s recent changes to its service agreement are also being examined by EU regulators.
“It’s a similar investigation to the one with Google,” Schaar said in his report, which summarizes the German regulator’s activities in 2011 and 2012.
Luxembourg’s regulator has taken the lead in that probe, with the support of France’s privacy watchdog. The two countries are examining “concise and exhaustive” answers they got from Microsoft earlier this month, Gerard Lommel, head of the Luxembourg privacy regulator, said by phone yesterday.
The investigation may be concluded as soon as July, Lommel said.
“It will take another month at least until we can see more clearly where we stand with this case,” he said.
Viviane Reding, the EU’s justice commissioner, last year proposed plans to update the bloc’s data protection rules that would allow national authorities to fine companies as much as 2 percent of yearly global sales for “intentionally or negligently” violating the rules. The overhaul is under consideration by the European Parliament and EU governments.