Google hit with threat of massive fine by Dutch Regulator for data breach

Google AccountAs reported in the Financial Times (London, 15 December 2015), Google faces its largest ever fine from a European regulator after the Dutch Data Protection Agency threatened Google with a €15m fine over the way its stores personal data.

The Dutch Regulator demanded that Google asks users for “unambiguous consent” before it can share their personal details between its services, such as Google Maps and YouTube, the video-sharing site.

It also mandated that the company clarify its privacy policy so users know which bits of personal data are used by its different services.

The ruling comes in the wake of the meeting of Council of Ministers that are looking at ways of making it easier and simpler for trans-border actions to be brought against data controllers by directing complainants to a ‘one-stop shop’.

This is the second massive fine that Google has been levied with and comes close to the USD 22.5m imposed by the Federal Trade Commission in 2012 when it was fined for using cookies to target advertising at users of Apple’s safari web browser – deemed  to be an almighty violation of privacy.

Typically, Google – who’s mission statement says “You can make money without doing evil” – is reeling by this latest move. The company said “We are disappointed with the Dutch regulator’s order, especially as we have already made a number of changes to our privacy policy in response to their concerns.” It added that it had already shared some proposals for further changes to its privacy policy with regulators around Europe.

Google now has until February 2015 in order to carry out the demand for “unambiguous consent” before sharing details between its services.

This demand is consistent with the forthcoming EU General Data Protection Regulation and is adding to the call for the EU Regulation to come into full existence as Regulators already appear to acting in the spirit of it.

Former head of Article 29 Working Party Jacob Kohnstamm and now head of the Dutch data protection agency was behind the action against Google in the Netherlands: “Google catches us in an invisible web of our personal data without telling us and without asking us for our consent. this has been going on since 2012 and we hope our patience will no longer be tested.

According to the FT, the threat of a massive fine is a step back for Google, which has tried to improve its relationship with Europe’s data regulators in recent months. In fact in a recent interview with a French magazine, Isabelle Falque-Pierrotin who now heads up the Article 29 Working Party admitted that Google was “willing to make an effort” on privacy but increasingly Google is finding itself on the wrong side of the judgment.

The company has faced an increasingly tough regulatory regime in Europe and earlier this year the European Commission rejected Google’s settlement over its long-running ant-trust case.

Last month (November 2015), the European Parliament called for the break up of the group in a non-binding vote. Measures such as the “right of erasure” that lets people request that certain links don’t show up in online searches have also been thrust on the internet giant by European courts.

And judging by the sentiment within Europe for putting in place greater protection for personal data and security, Google will need to go a very long way in order to silence its critics and this current ruling by the Dutch Regulator strikes at the heart of its business model that relies on being able to build up accurate profiles about its hundreds of millions of users.

And of course Google isn’t alone in doing this..

Leave a reply