French data protection watchdog CNIL fined Google 150,000 euros for ignoring its three-month deadline to align its practice of tracking and storing user information with the country’s law.
"The company does not sufficiently inform its users of the conditions in which their personal data are processed, nor of the purposes of this processing," CNIL said in a statement.
The watchdog also ruled that Google must publish its decision on google.fr for a period of 48 hours within eight days of being notified of the ruling.
Back in June CNIL ruled that Google has breached six counts of the country’s privacy laws. The biggest concern was that the company did not provide “sufficient” information to users in terms of how their information was being used and stored.
The issue at the center of the controversy is the new way Google is using individuals’ data, by combining 60 privacy policies together and collecting data on users from all of its services such as Gmail, Google+, YouTube, without giving the users the option to opt out.
In response, Google said it will take note of the decision and look into further action.
Many European countries limit the amount of the potential fine, with Spain’s cap remaining as one of the highest, at up to 1 million euros.
The French case is not the first time Google has been slapped with a fine due to privacy disputes.
In November, the search giant was fined $17 million to settle its case with 37 American states and the District of Columbia after it bypassed Safari browser privacy settings to place ad cookies.
Germany also fined Google 145,000 euros for the systematic and illegal collection of personal data while it was creating its Street View service, calling on European lawmakers to increase fines for violating data protection.
The European Commission is also in the process of developing new and tougher regulations on internet services that would force them to introduce more end-user control, such as the Right to be Forgotten (forcing the company to delete all traces of a user who has decided to quit a service) and penalize them up to 2 percent of annual global turnover if they refuse to do so. The policy, known as the General Data Protection Regulation, may be introduced as early as next year.
110 Reykjavik, Iceland