The European Union has officially ordered Google (News - Alert) to ensure its privacy policy complies with the EU’s data protection qualifications in four months. If by that time Google has not appeased the data protection watchdogs, the company could face disciplinary action--and it won’t be a slap on the wrist. The issue at hand is significant, and will play out at a national level.

The French Commission Nationale de l’Informatique (CNIL), which is currently working on behalf of the 27 national data regulators of the EU, said on Tuesday it had indeed found legal flaws in Google’s new approach to user data. 


Image via Shutterstock

The “new approach” was adopted by Google in March, and involves the company’s ability to gather anonymous data from users’ search histories to better target advertising.

The CNIL responded to the change by issuing 12 recommendations to Google, urging the company to alter its policy to follow the rules, for instance by informing users how their data will be used, as well as setting precise periods for the data to be retained.

 “If Google does not conform in the allotted time, we will enter into the disciplinary phase,” said CNIL president Isabelle Falque-Pierrotin, noting also that they would be happy to speak with Google on the matter.

So far, Google’s official word on the debacle is denial--Google’s global privacy counsel Peter Fleischer said that although the company would examine the charges and investigate the matter, they remain confident the company’s privacy policy respects the laws of the EU.

Google is no stranger to privacy allegations. The company was fined 100,000 euros, approximately $129,000 USD, in 2010 for allowing its Street View cars to collect unauthorized data on public Wi-Fi networks.

Dutch data protection leader Jacob Kohnstamm commented on the CDIL’s newly imposed time limit, noting that the Google case is the first time regulators have cooperated on an investigation. He cites this as a reason the EU feels their motion will succeed in either bringing real change, or real consequences.

“Since internet companies know no borders, it is indispensable that data protection work together,” said Kohnstamm.