Google Faces German Order to Change Handling of Personal Data

Google Inc. is having another run-in with European regulators over the protection of personal data.

This time, the operator of the biggest Internet search engine is violating German rules by compiling customers’ data without asking for their consent, according to Johannes Caspar, who heads the data protection office for the German state of Hamburg. The agency plans to order Google to change its data-handling practices in the coming weeks, he said.

“By compiling data from its different services under a single user ID, Google has access to an in-depth personal profile of its users,” Caspar said by phone, adding Google could face fines if it doesn’t change its practices. “Google has to respect its users’ right of self-determination.”

Google is in discussions with the watchdog over its privacy policy, Hamburg-based spokesman Kay Oberbeck said in an e-mail. The policy allows the company to develop “simpler and more effective offers.”

Google, based in Mountain View, California, implemented a new privacy policy in March 2012 that condensed 60 policies into one that shares and tracks user data across Google e-mail, social networking, YouTube and other services. For instance, terms entered in the company’s search engine will later automatically pop up when the same user accesses the maps application.

The French data watchdog led a probe on behalf of a EU task force to review whether Google’s revisions to its policies violated the bloc’s data protection rules. Regulators from France, Italy, Netherlands, Spain, the U.K. and Germany coordinated enforcement measures in April 2013 over the company’s failure to address the task force’s complaints.

Biggest Fine

France’s National Commission for Computing and Civil Liberties, or CNIL, fined Google the national maximum penalty of 150,000 euros ($210,000) in January for failing to give people enough details about how it uses their personal data. The fine followed a 900,000-euro penalty from Spanish regulators for violation of the country’s privacy law.

Google’s biggest European privacy fine to date was 1 million euros in Italy, after the local regulator found its Street View cars drove incognito across the country, violating the privacy of citizens caught on camera without their knowledge.

Hamburg’s privacy regulator last year fined Google 145,000 euros for collecting wireless-network data from 2008 to 2010 by its cars taking photos for Street View. That service has met with problems in the country since at least 2010, when the software maker agreed to blur views of people’s homes if the residents demanded it.

The EU is seeking to empower national agencies to go beyond current penalties, to make sanctioning global companies more effective. Lawmakers are weighing proposals to fines of as much as 100 million euros or 5 percent of yearly global sales for privacy violations.