French data protection authority CNIL prepares to fine Google | DMA

Filter By

Show All

Connect to


French data protection authority CNIL prepares to fine Google

The recent row between Google and the French national data protection authority(CNIL) is a foretaste of how European data protection authorities might work together in the future under the proposed draft Data Protection Regulation currently being debated in Brussels. The draft Regulation includes proposals for greater cooperation between EU national data protection authorities. As it stands, Google could face a fine of up to €300,000 under French law but could also face similar enforcement actions in several other member states.

CNIL is launching formal sanctions against Google for its alleged failure to heed an order to modify its March 2012 privacy policy to comply with French national data protection law. Google had three months in which to respond to the enforcement notice and replied on the last day of this period contesting the reasoning of the CNIL and the applicability of French data protection law to Google’s services used by French residents. To date, Google has not implemented the changes CNIL requested.

CNIL vs Google: a recap
In case you haven't been following the story, it began when Google introduced its March 2012 privacy policy. In June 2013, CNIL issued Google with an enforcement notice to comply with French data protection law within three months. This followed an analysis by the EU national data protection authorities of the Member States of the EU of the March 2012 privacy policy, who appointed the CNIL as the lead regulator on this issue.

The enforcement notice required Google to make the following changes to the March 2012 privacy policy:

1. Define specified and explicit purposes.

2. Inform users of Google’s services with regard to the purposes of the processing implemented.

3. Define retention periods for the personal data processed by Google.

4. Not to proceed without a legal basis with the potentially unlimited combination of users data from the different Google services they had had signed up for separately.

5. Fairly collect and process data from those visitors to Google-owned websites who had not signed in/registered.

6. Inform users and then obtain their consent before storing cookies on their devices they were using to access Google’s services.

James Milligan, Solicitor, DMA

Hear more from the DMA

Please login to comment.


Related Articles

Economic pressures have plagued households for several years, with brands facing the challenge of engaging consumers who are more budget-conscious than ever before. As a result, brand loyalty has sharply declined, with 61% of consumers being less likely to stick with brands in 2023 compared to 41% in 2022.

Cost of Living Exit Strategy Report 20244

When thinking about sustainable marketing, often we think about the channels we use, or materials we use in a physical sense. We overlook things like the audience targeting, data cleanse & optimisation, which have a big impact on minimising wastage.


The telecom industry boasts an array of touchpoints, presenting both opportunities and challenges for marketers. Ensuring that campaigns not only resonate but also yield results is critical.


The telecommunications sector grapples with a pressing issue: customer data silos.

iStock-1180187740 600x400.jpg