Share

Related Links

Related Stories

  • French Data Protection Regulator Levies Maximum Fine Against Google
    The French data protection regulatory body, the commission nationale de l'informatique et des libertés (CNIL) , has levied its largest ever fine against Google for breach of the French data protection laws. That it is a mere €150,000 (Google reported profits in excess of $10 billion last year) is not as important as that this is the maximum fine possible under French law.
  • Lawyer Throws Spanner in EU Data Protection Regulation
    Two months after European justice ministers agreed the principle of the 'one-stop-shop' for data protection rulings, Hubert Legal (head of legal services for the European Council; that is, the member states) declared it would be a bad outcome likely in breach of European human rights.
  • Dutch Regulator Finds Google in Breach of Privacy Law
    The Netherlands is one of the six EU member states that have undertaken a formal investigation of Google's privacy compliance following the 2012 amalgamation of its various privacy policies. The Dutch Data Protection Authority has now found Google to be in breach of multiple aspects of the the Dutch data protection act.
  • European Civil Liberties Committee Approves Current Draft Data Protection Regulation
    Edward Snowden's leaked information on the character and extent of NSA surveillance brought new impetus to the European Commission's proposed new General Data Protection Regulation, which had been floundering under the weight of extensive US government and business lobbying.
  • EC’s proposed General Data Protection Regulation is struggling
    The GDPR was designed to bring tough new standardized data protection regulations across Europe; but intensive lobbying, and thousands of proposed amendments has left it struggling for survival.

Top 5 Stories

News

The Battle of Wills Between the European Commission and Google

20 January 2014

Earlier this month Google's global privacy counsel Peter Fleischer declared that the 'much-flawed' European General Data Protection Regulation (GDPR) had collapsed and the 'old draft is dead.' But in a speech yesterday, Commissioner Viviane Reding explained that she will persist; and she used Google as an example of why she must.

"Take Google as an example," said Viviane Reding, vice president of the European Commission and EU justice commissioner. She explained that its privacy policy had been ruled in breach of European data protection laws; pointed out that both France and Spain have already levied the maximum fines possible; and added, "the fine in France represents 0.0003% of [Google's] global turnover," which she described as pocket money. 

"Is it surprising to anyone," she asked, "that two whole years after the case emerged, it is still unclear whether Google will amend its privacy policy or not? Europeans need to get serious. And that is why our reform introduces stiff sanctions that can reach as much as 2% of the global annual turnover of a company. In the Google case, that would have meant a fine of EUR 731 million (USD 1 billion). A sum much harder to brush off."

Although there is no further mention of Google in her speech, and certainly no explicit reference to Peter Fleischer, it is clear that the whole speech is a refutation of his views. "Whatever comes next," he wrote in a blog posting earlier this year, "will be the most important privacy legislation in the world, setting the global standards. I'm hopeful that this pause will give lawmakers time to write a better, more modern and more balanced law."

But Reding's speech shows no inclination for further compromise. She was receiving the Aenne Burda Award for Creative Leadership at the international Digital-Life Design (DLD) Conference in Munich. "This award," she said, "will be an additional motivation for me to keep going, and a reminder of the power of perseverance, of the importance of fighting for your dreams and never giving up."

She pointed out that the European Parliament had already agreed to 'a broad compromise, backing the European Commission's proposals.' But, "Member States, however, have been stalling." The emphasis is hers, and the bitterness barely disguised. "Even after the shocking revelations of mass spying and surveillance that continue to dominate the headlines, they have so far mainly reacted with words. EU Heads of State and Government have committed to a 'timely' adoption of the new framework. But in real terms there has been little action."

She re-iterated the Commission's view that the GDPR will benefit both business and consumers. The uniformity across Europe "will be especially important for smaller companies and start-ups, who will find it easier to break into new markets"; an idea directly refuting Google's and other lobbyists' claim that it will stifle innovation.

She also said that the reforms – especially the principles of data minimization and strict sanctions – would rebuild consumer trust, improve general security, and reduce business costs. "Just ask Sony," she explained. "Experts believe that a hacker attack on PlayStation accounts in 2011, in which the data of 77 million people was compromised, cost the firm between USD $1 and $2 billion. That is the cost of non-compliance. And this cost is both high and avoidable." In the UK, the privacy regulator added a £250,000 fine.

One thing is clear from Reding's speech: regardless of Fleischer's view that the current GDPR is dead, it is not. Reding may be forced to accept minor amendments before it is passed into European law, but she will not give up until the GDPR, largely as it now stands, becomes the new European data protection law.

This article is featured in:
Compliance and Policy  •  Industry News  •  Internet and Network Security  •  Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×