Google has been fined €150,000 (roughly $203,000) by the French data protection authority after it ruled that the firm doesn’t comply with the country’s data protection laws.
The Commission nationale de l’informatique et des libertés (CNIL) said the penalty directly related to the new privacy policies Google brought into force on March 1, 2012, which affected nearly all Internet users in France.
Despite recommendations from the Article 29 Working Party of data protection regulators asking Google to change these policies, no action has been taken, so CNIL said it had no option but to fine the firm.
“The company does not sufficiently inform its users of the conditions in which their personal data are processed, nor of the purposes of this processing,” it said. “They may therefore neither understand the purposes for which their data are collected, which are not specific as the law requires, nor the ambit of the data collected through the different services concerned. Consequently, they are not able to exercise their rights, in particular their right of access, objection or deletion.”
It also cited concerns with the fact that Google collects and combines user data from across all its services, “without any legal basis.”
As well as the fine, CNIL ordered Google to publish an announcement of the decision on its France homepage for two days, within eight days of the order being published.
“This publicity measure is justified by the extent of Google’s data collection, as well as by the necessity to inform the persons concerned who are not in a capacity to exercise their rights,” CNIL said.
The fine marks another notable action by a European regulator against Google after Spanish authorities fined the firm for several privacy violations. Dutch authorities have also ruled that Google’s data-handling practices break its country’s privacy laws.
The UK’s Information Commissioner’s Office (ICO) is also investigating Google but so far no decisions have been made.
This article was originally published on V3.