Google’s Neck On The Line: EU Threatens “Repressive Action”

EU action Google

European privacy watchdogs are squaring up for a titanic clash with Google after the internet giant ignored orders to undo the sweeping changes made to its privacy policy last year which affected services including Gmail, YouTube and Google Search.

Google’s defiance of the order means that things are likely to come to a head before the summer, with authorities in several European countries determined to curb the way in which the software company goes about collecting data from its users. It’s believed that regulators have already drawn up an ‘action plan’, and this is expected to be approved at a special Article 29 Working Party (A29WP) meeting next week, which will bring together data protection authorities from across the EU.

The A29WP had previously asked Google to delay the introduction of its new privacy policy, which effectively unified its services under one banner. However, Google flatly refused to do so, rolling out the changes on March 1 of last year according to schedule.

Europe’s privacy watchdogs asked for the delay in order that they could have more time to examine Google’s policy changes, and the internet company’s refusal to do so prompted A29WP to ask France’s National Commission on Computing and Liberty (CNIL) to carry out a full investigation in response to this. CNIL then spent several months investigating the policy changes before publishing a report on October 16 that that was heavily critical of the US firm. While stopping short of ordering Google to reverse the changes it had made, CNIL did make a number of demands from the company, including that it should provide users with more information regarding its privacy policy, that it stop combining data from different sources when there is no legal justification to do so, and that it undertake to delete personal data after a specified period of time.

Isabelle Falque-Pierrotin, the President of CNIL, said at the time that she was expecting to hear from Google in the next three to four months, with the understanding that it would adhere to the watchdog’s recommendations. Failure to do so could result in the authorities taking further action, she warned. However, A29WP didn’t set any firm deadline by itself, instead leaving it to individual national data protection authorities to decide whether or not to take further action against Google.

Today however, it seems that Europe has finally run out of patience.

“After a four month deadline that was granted to Google in order to comply with the European data protection regulation and to implement effectively [A29WP] recommendations, no answer has been given,” said CNIL in a statement earlier today.

“On Feb. 18, European data protection authorities have noted that Google did not provide any precise and effective answers to their recommendations. In this context, the E.U. data protection authorities are committed to act and continue their investigations. Therefore, they propose to set up a working group, led by the CNIL, in order to coordinate their repressive action which should take place before the summer.”

It’s not clear what kind of sanction Google might face, but whatever form of “repressive action” European authorities try to take is likely to be stiffly contested by Google. While the internet company has yet to respond to CNIL’s latest statement, it doesn’t appear to be in any mood to back down. Just this weekend, Google’s Global Privacy Counsel Peter Fleischer wrote a damning indictment of Europe’s privacy laws on his personal blog, slamming them for being “quixotic, vague and innovation-inhibiting.”

Google could also end up coming to blows with the EU over a separate issue – that of its alleged anti-competitive practices – where it has been accused of disadvantaging competitors by manipulating its search engine rankings to show its own products and services ahead of its rivals. Google did at least respond to that probe, and the EU’s anti-trust commissioner is now looking into its proposals.