Google’s privacy policy sparks larger data leakage fines in Europe

by Charles Leaver

January 28, 2014

access_time 4 min read

The European Union commissioner for justice recently called for boosted fines to be placed upon companies which breach the organization's data privacy laws. In this way, businesses that experience data leakage for any reason could be forced to pay a higher sum if they are found to have violated certain standards handed down by the EU.

EU commissioner Viviane Reding said efforts to increase these fines came soon after data protection authorities in France and Spain weighed in on Google's consolidated privacy policy, according to Naked Security contributor Lee Munson. The groups ruled that Google's new practice violated existing data protection standards, however, the company only received a small fine for the offense.

Google fined
Munson reported that Google was fined 900,000 euros, or the equivalent of just over $1.2 million, for more than 70 violations of the EU's privacy policies, which also break certain laws in Europe. The search giant was also fined by the Commission Nationale de l'informatique et des Libertes this month when the group found Google's privacy policy "does not inform users just how their personal data is used or collected, does not obtain user consent prior to storing cookies, fails to define data retention periods, and combines data across its services without any legal basis," Muson wrote. For these offenses, Google received a 150,000 euro fine, or around $205,000.

Plans for boosted fines
According to Munson, Reding originally drafted data protection plans two years ago that have yet to be adopted by the Commission. Once put in place, the plans call for groups to be fined equal to two percent of annual turnover if found to be in violation of data privacy standards. While the Commission has yet to deploy these increased rates, the European Parliament is recently voted to adopt fines of up to 5 percent of an offending business's global revenue.

Reding recently released a statement calling for Europeans to "get serious" about data privacy, stating that larger fines for breaches of standards would be a greater deterrent against data leakage in that it would be a "sum much harder to brush off."

EU reporting window
While the larger fines have yet to be approved, the EU did take steps to shorten the available window companies have for reporting data leakage. According to SC Magazine, the organization put a new policy in place late last year that states that telecommunications and Internet service providers have 24 hours to report data leakage from the moment it is discovered.