CNIL Continues Investigation – UPDATE

On 16th February 2013, France’s National Commission for Computing and Civil Liberties, (CNIL) announced that in response to Google’s Privacy Policy, it would be forming a working group “in order to coordinate their repressive action which should take place before summer”. The probe itself focused on the degree to which the Privacy Policy directly impacts the personal privacy of its users.

This latest announcement indicates that not only has the Data Protection Authority found that the concerns it was investigating are valid, but the advertising giant has also proven to be non-cooperative throughout. The CNIL’s statement noted that Google had not provided “any precise and effective” responses in answer to an EU-wide investigation and that this was a deciding factor in the continuation of the investigation. This has in fact been the disposition of Google throughout the process.

Going back as far as May 2012 just 8 weeks after concerns were initially voiced, the French Data Protection Authority (the CNIL) wrote to Google expressing its regret that responses to earlier questionnaires concerning Google’s privacy policies were “often incomplete or approximate”.

A further indication of Google’s disassociation and even disregard for Europe’s DPAs has been its ever present statement in response to media enquiries, which has not changed at all since the start of the investigation, even though the circumstances have evolved. The statement itself in fact seems to be completely at odds with that of the CNIL, with Google expounding on-going engagement and coordination whilst the regulators saying the complete reverse.

ICOMP Director Auke Haagsma said, “As ICOMP’s director with responsibility for our Privacy Working Group I have been meeting with a number of lawyers, regulators, media and other concerned parties around Europe to discuss how to get the right balance on privacy. One thing stands out from all these conversations: people want to be able to trust that companies to whom they give sensitive personal information use that information very carefully and in full respect of their privacy. Google’s attitude towards the CNIL specifically and European Privacy rules generally seem to fly completely in the face of this reasonable expectation.

Just two days after it refused to even respond to the CNIL and provide clear explanations to the users of its products on what personal data it collects and what it will use this for, Google’s Global Privacy Counsel called Europe’s privacy rules “whacky” and  “hopelessly vague”.  His view is very simple: if Europe wants “fast innovation” which is “the only hope to maintain high rich-world living standards for our aging Western societies” it has to allow Google to act as it pleases, if it wants to protect the privacy of its citizens Google will offer them “slower, less-cutting-edge services”. 

ICOMP will continue to conduct conversations with members, interested parties and media across Europe about digital privacy. The Initiative would like to see Google take this investigation seriously by cooperating with the CNIL, working on behalf of Europe’s citizens to protect their privacy and personal data.

UPDATE, 27 February 2013:

The CNIL has today expanded on an earlier announcement that it would be undertaking coordinated “repressive action” against Google “before the summer” by announcing that the company would be called to appear before a group of EU data privacy watchdogs “in the coming weeks” to answer for its failure to bring its privacy policies into line with European legislation despite being given ample time and opportunity to do so. ICOMP welcomes this decisive step to protect consumer privacy from the pernicious conduct of one dominant player in the online market. 



The ICOMP Secretariat