The Spanish and French data protection watchdogs have now taken matters further by imposing formal sanctions on Google Inc, fining the company Euro 900,000 and 150,000 respectively for breaching Spanish and French data protection laws.
For an organisation that reported revenues of 50 billion dollars in 2012, these fines are miniscule and highly unlikely to have any effect on Google’s privacy practices. The CNIL also required Google to publish a notice of the CNIL’s decision on its French search landing page www.google.fr for 48 hours. This may have been a rather more effective deterrent to dissuade Google from continued non-compliance with French data protection laws given the sanctity of its search landing page and its prominence to French Google users. However, Google announced on Monday this week that it has appealed the decision of the CNIL which means that the requirement to publish the notice is likely to be suspended pending the outcome of that appeal.
The UK’s data protection authority, the ICO, after saying in July last year that “failure to take the necessary action to improve the policies’ compliance with the [UK] Data Protection Act by 20 September will leave [Google] open to the possibility of formal enforcement action” has yet to make any further announcement. Requiring Google to post a notice on the UK search landing page would be a first for the ICO, and would almost certainly be appealed by Google. However, fines alone are unlikely to change Google’s behaviour so regulators will need to think more creatively about effective remedies.
Datonomy will be keeping a close eye on the next moves in this game of regulatory cat and mouse.