Google given 18 months to change its handling of user data

Filed Under: Featured, Google, Privacy

Google ItalyThe Italian Data Protection Commissioner has given Google 18 months to change the way it treats and stores user data.

The ruling, handed out as part of a European probe that found the company violated privacy policy laws across the European Union, says Google will now need permission from users before creating a profile for them.

A statement from the Italian Data Protection Authority also says that the Mountain View giant will have to make it clear that any personal data it does collect may be used for profiling, as well as for commercial purposes.

While the regulator did concede that Google has made progress towards adhering to local laws, it says the company still has some way to go in order to achieve full compliance in areas such as seeking prior consent for profiling for commercial purposes and the length of time that personal data is stored.

Specifically, the regulator says Google must remove personal information within two months of receiving a request from an active user. The company will also have to remove personal data from its backup systems within six months.

A Google spokesman said:

We've engaged fully with the Italian DPA throughout this process to explain our privacy policy and how it allows us to create simpler, more effective services, and we'll continue to do so. We'll be reading their report closely to determine next steps.

Google has been given until the end of September to provide legally binding proposals outlining how it will comply with Italy’s requirements.

If the company fails to achieve compliance with the Italian Data Protection Authority’s demands it could face a fine of up to 1 million euros ($1.35m or £790,000) as well as possible criminal proceedings.

Other European countries, including the UK, Netherlands and France have all recently shown concern over the practices undertaken by Google, largely on the back of its decision to roll 60 of its privacy policies into one.

That change, in 2012, saw the company consolidate the privacy policies of services such as YouTube, Google Search and Gmail but users were not given any choice over whether they wanted to accept the conditions or not.

Last November, the Dutch privacy watchdog declared that Google broke the country’s privacy laws following a seven month investigation.

Then, in January this year, Google was fined 150,000 euros ($202,000 or £118,000) by the French data watchdog after it ignored a three-month deadline to clean up its data privacy policies.

The UK’s Information Commissioner also ordered Google to make changes to its privacy policies last year but there is no word yet on whether the company ever complied with that request.

Previously, the company has also found itself in hot water over its Street View mapping service which was found to have steamrollered its way over user privacy by snaffling up data from Wi-Fi networks.

It also currently faces the headache of dealing with tens of thousands of right to be forgotten link removal requests following a ruling from the European Court of Justice (ECJ) in May.

In respect of the latter, the Italian regulator says it is awaiting clarification before applying the ECJ ruling within its own jurisdiction.

, ,

You might like

5 Responses to Google given 18 months to change its handling of user data

  1. Alastair · 443 days ago

    I understand the privacy issues, but you don't have to use google or it's services so maybe if more people boycotted google they might respond a bit quicker. I am 50+ and get the issues, my son and daughter don't really care

  2. clifford cuellar · 442 days ago

    I wish the EU would devote as much or more time to viruses, bots, and phising as it does to individual privacy. They should concentrate more on issues that cause real (monetary) harm.

  3. Concerned Aussie · 439 days ago

    I'd like to see a few governments force Google to divest data holdings to arm's length entities in each jurisdiction.

    That would override the extraterritoriality of the Patriot Act ... And the NSA would once again have to work for a living!

  4. Blake · 435 days ago

    Google is overrated! Use DuckDuckGo and never look back!

  5. goat · 429 days ago

    200k, 1.3 million, how are these puny fines expected to do anything to a company who makes enough to cover both those costs in just a few hours?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Lee Munson is the founder of Security FAQs, a social media manager with BH Consulting and a blogger with a huge passion for information security.