It's a bad week for Google on the privacy-regulation front. Amid news that European regulators plan to take action against the search engine giant for its privacy practices, Alma Whitten, Google's privacy director, has stepped down. It's unclear if the two events are related.
France is leading the charge against Google, which comes in the wake of the European Union's Article 29 Working Party investigation into the company's privacy policies. From March to October last year, the group reviewed whether or not Google was meeting the requirements of the EU's Data Protection Directive.
After finding Google did not comply with the requirements, regulators gave the company four months to make changes necessary to comply. Apparently, Google failed to do that.
Ganging Up on Google
"On 19 March 2013, representatives of Google Inc. were invited at their request to meet with the task force led by the CNIL [La Commission Nationale de l'Informatique et des Libertes] and composed of authorities of France, Germany, Italy, the Netherlands, Spain, and the United-Kingdom. Following this meeting, no change has been seen," CNIL said in a statement.
Basically, that means each nation is now carrying out further investigations according to the provisions of its national law implementing the European regulations. All authorities in the task force launched actions on Tuesday.
"In particular, the CNIL notified Google of the initiation of an inspection procedure and that it had set up an international administrative cooperation procedure with its counterparts in the task force," CNIL said. Google could not immediately be reached for comment.
Is Europe More Aggressive?
Marc Rotenberg, executive director of the Electronic Privacy Information Center, told us there's a lot of buzz, but nothing is final.
"I'm not surprised that European regulators are taking action. I was surprised that the U.S. regulators didn't take action. The case that EPIC brought against the Federal Trade Commission in 2012 concerned the agency's failure, in our view, to take action under its own consent order," Rotenberg said.
Rotenberg said this background is important. Some may believe the Europeans are going after Google harder, but U.S. regulators, he said, are equally concerned.
"The interesting question for us, of course, is why the Europeans are able to enforce privacy rights where the U.S. is having so much difficulty," Rotenberg said. "I think there are some structural problems and some real issues about the FTC's ability to enforce its own consent orders."