French data protection authority CNIL prepares to fine Google | DMA
DMA - Data and Marketing Association

Filter By

Show All
X
Start Contributing
My Contributions
X
X

Connect to

X

French data protection authority CNIL prepares to fine Google

29 Oct 2013

The recent row between Google and the French national data protection authority(CNIL) is a foretaste of how European data protection authorities might work together in the future under the proposed draft Data Protection Regulation currently being debated in Brussels. The draft Regulation includes proposals for greater cooperation between EU national data protection authorities. As it stands, Google could face a fine of up to €300,000 under French law but could also face similar enforcement actions in several other member states.

CNIL is launching formal sanctions against Google for its alleged failure to heed an order to modify its March 2012 privacy policy to comply with French national data protection law. Google had three months in which to respond to the enforcement notice and replied on the last day of this period contesting the reasoning of the CNIL and the applicability of French data protection law to Google’s services used by French residents. To date, Google has not implemented the changes CNIL requested.

CNIL vs Google: a recap
In case you haven't been following the story, it began when Google introduced its March 2012 privacy policy. In June 2013, CNIL issued Google with an enforcement notice to comply with French data protection law within three months. This followed an analysis by the EU national data protection authorities of the Member States of the EU of the March 2012 privacy policy, who appointed the CNIL as the lead regulator on this issue.

The enforcement notice required Google to make the following changes to the March 2012 privacy policy:

1. Define specified and explicit purposes.

2. Inform users of Google’s services with regard to the purposes of the processing implemented.

3. Define retention periods for the personal data processed by Google.

4. Not to proceed without a legal basis with the potentially unlimited combination of users data from the different Google services they had had signed up for separately.

5. Fairly collect and process data from those visitors to Google-owned websites who had not signed in/registered.

6. Inform users and then obtain their consent before storing cookies on their devices they were using to access Google’s services.

James Milligan, Solicitor, DMA

James Milligan James Milligan

Data & Marketing Associations
DMA Solicitor

Subscribe for industry news, insight and analysis
Hear more from the DMA

Please login to comment.

Comments

Related Articles

What UK Marketers Need to Know in 2024: A Guide for the Financial Services Marketer

A new government brings new legislation, and in the world of marketing, data protection is always on the front line. We dissect the implications of these legislative changes, providing you with insights to navigate this regulatory landscape.

what uk marketers need to know DMA.png

From Compliance to Trust: The Future of Marketing in a Data-Driven World

This article is written by MBA Group Ltd.

priscilla-du-preez-tAnrp8P51tY-unsplash.jpg

How to use the checkout experience to build loyalty and reduce abandoned baskets

As abandoned baskets reach the highest levels in a decade, how can you make sure your customers successfully checkout?

hero-man-thinking-about-making-a-purchase.webp

Ethical telemarketing: a reality, not a myth

Businesses must be ethical in their telemarketing practices to protect customers from unwanted, intrusive, or deceptive calls, ensuring their privacy and well-being are respected. Read how

Depositphotos_718680692_S.jpg

Expand

Copyright DMA 2024 © All Rights Reserved