Google, a company that reported $14.89 billion in revenue last quarter, was fined 150,000 euro (just over US$200,000) today by France’s digital privacy watchdog CNIL. Google was also ordered to publish a notice about the decision on google.fr within the next eight days.
In early 2012, Google consolidated its multiple privacy policies into a single document, which prompted the working group of all EU data protection authorities to look into these changes. The EU decided that Google wasn’t in compliance with its legal framework and asked the company to make a number of changes to the policy, which Google never made.
France asked Google for a relatively small number of changes to the document, define retention periods, limit the combination of user’s data and to “fairly collect and process passive users’ data.”
CNIL, as well as other EU data watchdogs, then started its own enforcement proceedings and issued this rather small penalty on January 3.
Given Google’s size, 150,000 euros aren’t exactly going to hurt the company. Indeed, the amount may be smaller than what Google would have to pay its lawyers to work on these documents. In the U.S. the FTC recently settled with Google for a full $22 million after it discovered that the company bypassed Safari’s privacy settings. Spain recently fined it 900,000 euros (about $1.2 million) for mishandling users’ personal data.
In France, however, the maximum fine the CNIL could levy is apparently 150,000 euros now and another 300,000 if Google still refuses to comply in the next three months. According to CNIL, it is also the highest fine the committee has ever issued.