French data protection authority CNIL prepares to fine Google | DMA

Filter By

Show All
X

Connect to

X

French data protection authority CNIL prepares to fine Google

The recent row between Google and the French national data protection authority(CNIL) is a foretaste of how European data protection authorities might work together in the future under the proposed draft Data Protection Regulation currently being debated in Brussels. The draft Regulation includes proposals for greater cooperation between EU national data protection authorities. As it stands, Google could face a fine of up to €300,000 under French law but could also face similar enforcement actions in several other member states.

CNIL is launching formal sanctions against Google for its alleged failure to heed an order to modify its March 2012 privacy policy to comply with French national data protection law. Google had three months in which to respond to the enforcement notice and replied on the last day of this period contesting the reasoning of the CNIL and the applicability of French data protection law to Google’s services used by French residents. To date, Google has not implemented the changes CNIL requested.

CNIL vs Google: a recap
In case you haven't been following the story, it began when Google introduced its March 2012 privacy policy. In June 2013, CNIL issued Google with an enforcement notice to comply with French data protection law within three months. This followed an analysis by the EU national data protection authorities of the Member States of the EU of the March 2012 privacy policy, who appointed the CNIL as the lead regulator on this issue.

The enforcement notice required Google to make the following changes to the March 2012 privacy policy:

1. Define specified and explicit purposes.

2. Inform users of Google’s services with regard to the purposes of the processing implemented.

3. Define retention periods for the personal data processed by Google.

4. Not to proceed without a legal basis with the potentially unlimited combination of users data from the different Google services they had had signed up for separately.

5. Fairly collect and process data from those visitors to Google-owned websites who had not signed in/registered.

6. Inform users and then obtain their consent before storing cookies on their devices they were using to access Google’s services.

James Milligan, Solicitor, DMA

Please login to comment.

Comments

Related Articles

As abandoned baskets reach the highest levels in a decade, how can you make sure your customers successfully checkout?

hero-man-thinking-about-making-a-purchase.webp
As Black Friday approaches, marketers face pressure to captivate customers. The '23 season showed how brands use real-time data, AI, and dynamic content to tailor their messaging and boost engagement. Learn from them to shape your strategy.
iStock-1661657038.jpg

Telemarketing continues to hold a significant place in the marketing strategies of many businesses, despite a relentless wave of digital transformation. Contrary to common misconceptions, telemarketing is not an obsolete tactic.

Depositphotos_103113358_S (1).jpg

Economic pressures have plagued households for several years, with brands facing the challenge of engaging consumers who are more budget-conscious than ever before. As a result, brand loyalty has sharply declined, with 61% of consumers being less likely to stick with brands in 2023 compared to 41% in 2022.

Cost of Living Exit Strategy Report 20244