March 25, 2013
Government privacy authorities in several European countries, led by France, are on the verge of launching a major enforcement action against Google’s information privacy policies and practices. The authorities allege that Google’s process for handling personal information of users violates the European Union’s information privacy regulations.
Of particular concern to European regulators is Google’s policy of sharing personal information of users among all of the services owned by Google. The authorities are troubled by the fact that Google routinely shares user information between services including its Gmail and YouTube offerings.
European authorities contend that Google’s active sharing of information among its diverse business units violates EU information privacy requirements. Privacy officials in Europe requested that Google take remedial action, such as implementing a process to make it easier for users to opt-out of online advertising. The authorities claim that Google has not responded adequately to those recommendations.
Google reportedly takes the position that its privacy practices are in full compliance with European requirements. The company indicated that it is continuing to cooperate fully with the authorities in an effort to resolve the concerns.
The 27 national privacy regulatory authorities in the EU are commonly described as the “Article 29 group.” With leadership from French authorities, that group is attempting to coordinate action against Google.
The European regulators have the authority to investigate privacy practices and to impose substantial penalties for non-compliance. For example, French authorities have the ability to impose fines in excess of $400,000 in cases involving multiple violations of privacy laws.
The efforts by the Article 29 group to coordinate their privacy investigations and sanctions may signify an attempt to enhance their impact on global privacy practices. Their choice of Google as one of the first targets for their coordinated enforcement efforts appears to illustrate an assessment that implementation of meaningful privacy protection requires that they successfully manage the privacy practices of the leading online service providers.
Coordinated privacy law enforcement in Europe can have important consequences. If successful, European enforcement could alter the standard privacy practices of the major online service providers in other jurisdictions, including the United States. The European initiative could thus make it easier for the U.S. and other countries to expand their privacy requirements.
The EU has long been a global leader in privacy protection. The current effort to coordinate European national privacy enforcement efforts is another example of that leadership. Consumers in Europe and around the world may ultimately benefit from the emphasis European authorities place on protection of the privacy of personal information.