Photographer: Adam Berry/Getty Images

Google Loses Most of Challenge to German Data-Privacy Order

Updated on

Google Inc. lost most of a challenge to a German regulator’s order that limits how it can combine user data that would allow the company to divine customers’ personal preferences, marital status and sexual orientation.

Johannes Caspar, Hamburg’s privacy watchdog, only heeded minor parts of Google’s objection to an order issued in September, he said in an interview Wednesday. The company is obligated to either limit how it uses German customer data or get user consent, he said.

“It would certainly be the best solution if Google would now implement the order,” said Caspar, who is among the region’s more aggressive privacy regulators.

Google, Facebook Inc. and other technology companies are under increasing pressure from regulators to ensure that privacy rights are respected as computer users unwittingly reveal more data online through shopping, social networking and web searches.

Google can attempt to overturn today’s decision in court. Klaas Flechsig, a spokesman for Google in Hamburg, said the company was reviewing what steps to take.

“We’ve engaged closely with the Hamburg Data Protection Authority throughout this process to explain our privacy policy and to address their concerns,” Flechsig said in an e-mailed statement.

More Control

The German watchdog last year ordered Google to give users more control over how their data is used. Under the terms of Google’s 2012 privacy policy, the Mountain View, California-based company could combine data it retrieves when customers use various services, including Gmail. That policy would have allowed Google to determine people’s financial situation, sexual orientation and relationship status, the Hamburg regulator said at the time.

European privacy regulators from six countries in 2013 coordinated enforcement measures over the company’s failure to address complaints about its privacy policy. The European investigations started after the company sought to harmonize privacy policies for more than 60 products.

Google told European regulators at a meeting at the end of March that it is willing to make “substantial changes” in its services to meet data-protection concerns, Caspar said in an e-mailed statement.

“This suggests that the combined effort of regulatory authorities at the European level are making an impact on the U.S. company,” Caspar said.

French Led

France’s data protection authority led the probe on behalf of the EU group to review whether Google’s revisions to its policies violated the bloc’s rules.

The Dutch data privacy regulator in December said Google may be fined as much as 15 million euros ($16.3 million) if it failed to meet a February deadline to comply with the country’s demands. The Dutch regulator said Wednesday in an e-mail that it hasn’t yet issued any fines and is in the process of assessing “if the conditions are met.”

This followed a 900,000 euro-penalty from Spain’s data watchdog in 2013 and another 150,000 euros Google was asked to pay in January 2014 by the French regulator for breaching local privacy rules.

In January, Google pledged to improve its policy for U.K. customers after a related probe in that country.

Before it's here, it's on the Bloomberg Terminal. LEARN MORE