In 2012 Google consolidated more than 60 privacy policies into 1 which led to complaints that the new privacy policy breached French laws and has now resulted in a fine of $205,000 (€150 000). French National Commission on Computing and Liberty (CNIL) issued the fine on January 8, 2014 which included the following complaints about the single privacy policy which CNIL asserts was contrary to “several legal requirements”:
- The company does not sufficiently inform its users of the conditions in which their personal data are processed, nor of the purposes of this processing. They may therefore neither understand the purposes for which their data are collected, which are not specific as the law requires, nor the ambit of the data collected through the different services concerned. Consequently, they are not able to exercise their rights, in particular their right of access, objection or deletion.
- The company does not comply with its obligation to obtain user consent prior to the storage of cookies on their terminals.
- It fails to define retention periods applicable to the data which it processes.
- Finally, it permits itself to combine all the data it collects about its users across all of its services without any legal basis.
Computerworld reported that by filing the appeal of the fine Google did not have to explain the fine on the French homepage, and regarding the fine:
…in the face of Google’s continued refusal to change the policy, CNIL imposed the maximum fine within its powers, just over 0.01% of Google’s annual revenue in France, according to a study by VRDCI, a French search optimization agency. If Google continues to offend, CNIL could impose a second fine.
Google seems committed to the single privacy policy in France, but the fine and bad press does not portend well for Google.