Six European countries launch formal investigations into Google's privacy policy

France, Germany, Italy, the Netherlands, Spain, and U.K. will investigate Google after it repeatedly rejected requests to reverse privacy policy

Six European data protection authorities will conduct formal investigations of Google's privacy policy after the company repeatedly rejected their requests that it reverse changes it made to the policy last March, they announced Tuesday.

Data protection authorities in France, Germany, Italy, the Netherlands, Spain, and the United Kingdom have resolved to conduct investigations or inspections of Google's privacy policy, following an initial investigation by the French data protection authority. The precise nature of the actions will depend on how the European Data Protection Directive has been transposed in their respective national laws.

[ InfoWorld's Robert X. Cringely says Internet privacy is dead -- film at 11 | Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter. | Read Bill Snyder's Tech's Bottom Line blog for what the key business trends mean to you. ]

In Germany, Hamburg's Commissioner for Data Privacy and Freedom of Information said it will review the way in which Google processes users' data. Although Google seeks their consent, it is impossible for users to foresee the scope of this consent, Commissioner Johannes Caspar warned in a news release.

Analyses compiled by the French National Commission on Computing and Liberty (CNIL) raise questions about the legality of Google's processing of personal data, Caspar said.

The six countries will now take a close look at Google's compliance with the law. "Should the data protection concerns be confirmed, appropriate supervisory measures may be taken in the individual member states," he said.

The CNIL also said it has notified Google of the initiation of an inspection procedure.

The U.K.'s Information Commissioner's Office followed suit. An ICO spokesman confirmed the investigation into whether the March 2012 privacy policy is compliant with the Data Protection Act, and added, "As this is an ongoing investigation it would not be appropriate to comment further."

The Dutch data protection authority was similarly circumspect: "We are starting an investigation," said spokeswoman Lysette Rutgers, adding that her organization never comments on the content of any investigation.

A Google spokeswoman offered the same response the company has made since the beginning of CNIL's investigation: "Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the DPAs involved throughout this process, and we'll continue to do so going forward."

The six data protection authorities working on the case are all members of the Article 29 Working Party (A29WP), which brings together data protection authorities from across the European Union. Last year it mandated CNIL to begin an investigation on its behalf, after the company repeatedly refused to answer questions about its plans to introduce a new privacy policy.

CNIL published a report on Oct. 26 giving Google four months to comply with its recommendations. It failed to make any significant changes within that period, CNIL said Tuesday, and it is now up to the E.U.'s individual member states to take appropriate action based on its report.

(Loek Essers in Amsterdam contributed to this report.)

Peter Sayer covers open source software, European intellectual property legislation and general technology breaking news for IDG News Service. Send comments and news tips to Peter at peter_sayer@idg.com.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies