In 2012, Google rewrite its privacy policy, which gave the company the right to "combine personal information" across multiple Google products. This has concerned multiple instances and is still inside investigation in Europe.
Instead of facing one European investigation into its privacy policy, Google now has to contend with at least six of them. The countries are France, Germany, Italy, the Netherlands, Spain, and the U.K.
Data protection agencies in Germany, Italy, the Netherlands, Spain, and the U.K. said on Tuesday, 2 April 2013, that they were moving to take action against Google over the policy, which the company introduced last year. The agencies joined the French regulator, which had initiated a European Union inquiry on behalf of its counterparts across the 27-nation bloc.
The French privacy watchdog, the Commission Nationale de l'Informatique et des Libertes (CNIL), said that six European countries are launching "coordinated and simultaneous enforcement actions" because Google "has not implemented any significant compliance measures," despite a request for changes to the policy.
"Regulators in six states have begun the process of looking at penalties, and each must now act based on national law," said Isabelle Falque-Pierrotin, CNIL's president, in an interview.
The planned change raised concern in the U.S. Congress, prompted European Union officials to ask Google to postpone the overhaul till its privacy implications could be examined, and led to lawsuits from the Electronic Privacy Information Center and the Center for Digital Democracy, among others.
In February 2013, the CNIL said Google would face a coordinated crackdown if it failed to adjust the policy. The CNIL said on early April that "no change has been seen." The CNIL said it had "notified Google of the initiation of an inspection procedure," the latest step in a drawn-out investigation that began a year ago, when the agency said it thought the company’s privacy policy violated European Union law. Other agencies said they would conduct their own inquiries, building on the work of the CNIL.
"It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation," the CNIL said in a statement. "Consequently, all the authorities composing the task force have launched actions on 2 April 2013 on the basis of the provisions laid down in their respective national legislation."
The enforcement actions on the part of the six countries could lead to millions of dollars in fines for Google but that "with a fragmented set of regulators across each country and efforts still in the works to draw up a unified European privacy law that could levy unified fines, it's unclear how coordinated the authorities can be - or how powerful they can be to change big companies like Google."
The six states have the power to impose fines on Google, said Falque-Pierrotin, but each must go through a local inquiry to determine that a wrong had been committed under national law even after the European joint position published in October.
Google's Defend
The Google privacy policy was meant to streamline individual practices that had been in place across more than 60 Google services, from its search engine to its online mapping operation to YouTube. The company said at the time that this was necessary to provide clarity to users, and to improve its services.
But European regulators, led by the CNIL, said that the company had been insufficiently forthcoming about its use of personal data, especially when the information was used across different services for purposes like advertising.
In March of 2012, the same month the new policy was introduced, the CNIL began an inquiry into the legality of the changes. In October 2012, the heads of the 27 regulatory agencies wrote to Google’s Chief Executive, Larry Page, demanding changes in the policy. They asked the company to do so within four months or risk sanctions.
"After this period has expired, Google has not implemented any significant compliance measures," the CNIL said in a statement.
Google, for its part, has maintained that its privacy policy isn't illegal and that the company has consistently cooperated with investigators. Google said it would continue to cooperate with European regulators. A Google spokesman told in an emailed statement that the company's privacy policy "respects European law and allows us to create simpler, more effective services.
Google has insisted that its use of data complies with European Union law. "We have engaged fully with the data protection authorities involved throughout this process, and we’ll continue to do so going forward," the company said.
Each of the national regulators now investigating Google has different procedures and enforcement powers.
The long tussle with the web search giant Google is seen by legal experts and policymakers as a test of Europe's ability to influence the behavior of international internet companies.
The company said that the retirement of Alma Whitten, Google‘s first director of privacy who held her position since 2010, had been planned and was unrelated to the European Union news.