Google appeals €150,000 fine from French privacy watchdog over new policies

The appeal suspends an order obliging Google to explain to users of its French homepage why it has been fined

Google has lodged an appeal against the €150,000 (US$205,000) fine imposed by the French privacy watchdog, a company spokesman said Tuesday.

On Jan. 9, the French National Commission on Computing and Liberty (CNIL) fined Google for introducing new privacy policies breaching French data protection laws. It also ordered Google to post the decision against it on the homepage of within eight days of receiving formal notification of the ruling, and to keep the post up for 48 hours.

Google has appealed the ruling, a company spokesman said, declining to detail when and where the appeal was made, or on what grounds.

However, according to a report in French newspaper Le Figaro on Tuesday, the appeal was lodged on Monday with the Council of State, the supreme court for administrative matters. The company filed an appeal against the ruling on the merits of the case, and an urgent action seeking a suspension of the ruling, according to the report. That would be sufficient to spare it the embarrassment of reporting CNIL's fine on its site until after the Council has examined the case.

The Council's ruling could come as early as next week, according to Le Figaro. Such a rapid response would be in sharp contrast to the pace of the legal action against the company.

Google made the changes to its privacy policy in March 2012, replacing a policies covering a variety of products with one document allowing it to combine information about a person's usage of the different services into a single profile. Typically, such combinations of different sets of personal data are outlawed by French privacy law unless specifically authorized.

CNIL spent a year exchanging a series of increasingly frosty letters with the company before beginning its formal investigation of the new policy in April 2013.

In June, the Commission asked Google to explain to its users the ways in which data about them is used; to keep that data only for as long as is necessary for those uses; not to combine different data sources without prior approval; to obtain informed consent from users before saving cookies in their browsers, and to treat "passive" users of its services fairly, for example those who merely visit sites that carry DoubleClick or Analytics code, or Google +1 buttons.

Finally, in the face of Google's continued refusal to change the policy, CNIL imposed the maximum fine within its powers, €150,000. That's just over 0.01 percent of Google's annual revenue in France, according to a study by VRDCI, a French search optimization agency. If Google continues to offend, CNIL could impose a second fine of up to €300,000.

Google maintains that it has cooperated with CNIL. "We've engaged fully with the CNIL throughout this process to explain our privacy policy and how it allows us to create simpler, more effective services," the company said Tuesday, using the same formula with which it greeted the imposition of the fine last week.

The company faces fines or continuing legal action against its revised privacy policy in other European countries, where a number of data protection authorities agreed to take concerted action against the company.

Peter Sayer covers open source software, European intellectual property legislation and general technology breaking news for IDG News Service. Send comments and news tips to Peter at

Join the CSO newsletter!

Error: Please check your email address.

Tags GoogleregulationsecuritylegalFrench National Commission on Computing and Liberty (CNIL)governmentprivacy

More about DoubleClickGoogleIDG

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Peter Sayer

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place