EU data protection regulators begin action against Google

Privacy regulators across Europe are beginning to take action against Google for failing to change the way it manages user data

Privacy regulators across Europe are beginning to take action against Google for failing to change the way it manages user data.

In February, France’s privacy watchdog CNIL warned Google could face could face a coordinated "repressive action" if it failed to comply with EU recommendations.

A set of 12 recommendations was adopted by 27 national regulators in October 2012 after a CNIL-led investigation into Google’s data collection practices.

The EU investigation began in March 2012, when Google started combining data from across its sites to better target advertising, which regulators see as "high-risk" to users’ privacy.

The new policy was implemented after the company combined 60 separate privacy policies into a single agreement, which raised privacy concerns on both sides of the Atlantic.

Google maintains that its privacy practices respect European laws. 

"We have engaged fully with the authorities involved through this process, and we'll continue to do so going forward," it said in a statement.

However, in April CNIL said Google had yet to respond to the EU recommendations, and has now issued a three-month deadline, while Spain has charged Google with infringing its data protection laws.

CNIL wants Google to specify what it is using personal data for, and how long it is held. It also wants Google to let users opt out of having their data centralised in a single location, according to the BBC.

Google faces a French fine of up to €300,000 euros.

The Spanish Data Protection Agency said that it had found evidence of five serious privacy law breaches and that Google cold face fines of up to €1.5m.

The alleged infringements are: disproportionate use of private data, diverting private data for other users, storing private data for excessive or undetermined periods, failure to handle private data in a legitimate way, and obstructing users in the exercise of their rights.

While these fines are small in comparison with Google’s first quarter revenues of $14bn, charges from other EU data protection authorities could follow as the UK, Germany, Italy and the Netherlands all have ongoing investigations into Google's privacy policy.

Privacy watchdogs are also keeping an eye on Google Glass, according to the Guardian.

Earlier this week, 37 data protection agencies sent a letter to Google chief executive, Larry Page, raising concerns about the digital spectacles.

"Fears of ubiquitous surveillance of individuals by other individuals, whether through such recordings or through other applications currently being developed, have been raised," the letter stated.

"Questions about Google's collection of such data and what it means in terms of Google's revamped privacy policy have also started to appear."

The privacy watchdogs want privacy built into the development of products and services, and have requested demonstrations and full consultation with Google before Glass goes on sale.

Read more on Privacy and data protection