Google May Face Fines for Not Answering Watchdog Concerns

Google Inc. may be fined by European Union data-protection agencies after failing to meet a deadline to say how it will bring its privacy policy in line with EU rules.

Google hasn’t provided “any precise and effective” responses to EU data-protection regulators’ recommendations, France’s National Commission for Computing and Civil Liberties, or CNIL, said in a statement today.

EU regulators “are determined to act and continue their investigations” and take “repressive action” by summer, CNIL said, without defining what that may entail. CNIL led the probe on behalf of the other EU privacy agencies.

Google, operator of the world’s largest search engine, faces privacy investigations by authorities around the world as it debuts new services and steps up competition with Facebook Inc. for users and advertisers. Google changed its system to create a uniform set of policies for more than 60 products last year, unleashing criticism from regulators and consumer advocates concerned it isn’t protecting data it collects.

“Our privacy policy respects European law and allows us to create simpler, more effective services,” Mountain View, California-based Google said in an e-mailed statement today. “We have engaged fully with the CNIL throughout this process and we’ll continue to do so going forward.”

Already Answered

Google also said it responded to the October letter on Jan. 8, listing changes already made to improve the privacy protections, and sought a meeting to discuss their findings. It said it hasn’t heard back.

CNIL spokeswomen didn’t immediately return calls and e-mails about Google’s response.

Earlier in this affair, Google and CNIL disagreed over the quality of the company’s responses to data-protection concerns. Google twice defied requests to delay its March 1 start date to implement the streamlined privacy policy until CNIL could review it. Google then provided what CNIL called “often incomplete” information in response to a list of 69 questions, earning a rebuke in May and more questions.

CNIL complained again about Google’s “unsatisfactory” responses to its queries in October, giving Google until this month to fix the policy. CNIL could levy fines should Google fail to comply, Chairwoman Isabelle Falque-Pierrotin said, calling it “probable” that other European agencies would pursue Google if it doesn’t address the issues.

Small Fines

CNIL’s fining powers pale in comparison with Google’s financial might. The company earned more than $10 billion last year and CNIL’s heaviest fine to date was 100,000 euros ($134,000) -- against Google in 2011 for breaches related to its Street View mapping service.

And while CNIL said today that other EU data-protection watchdogs could also pursue Google, not all of them have fining powers. Regulators in the U.K., Ireland and Austria, which is one that can’t levy financial penalties, said in October they would first see how Google reacts to the letter before considering any other actions.

EU Justice Commissioner Viviane Reding proposed changing the bloc’s almost 18-year-old data-protection rules and how they’re administered to toughen protections and make things simpler for companies, putting them under one regulator rather than potentially facing multiple inquiries on the same subject, as Google faced on Street View.

In the meantime, agencies are striving to coordinate actions to speak with one voice and minimize redundant efforts. CNIL’s work conducting one investigation into a Europe-wide question on Google and the letter signed by 27 European data protection authorities marks the first time this happened.

Before it's here, it's on the Bloomberg Terminal.