23 Dec 2013

Google Fined €900, 000 for Data Privacy Violations

Google has violated article 18 of the Spanish Constitution and received a penalty of 300,000 euros for three law infringements, according to the Spanish Data Protection Authority (AEPD).

“AEPD’s inspection has demonstrated that Google collects personal information through nearly a hundred of services and products offered in Spain, in many cases not providing adequate information about what data is collected, what data is used for what purposes and without obtaining a valid consent of the data subject,”  a report said.

The AEPD explains that Gmail, a Google service, is not clear on how it scans email content to insert “tailored advertising.” The company is also accused of using ambiguous terminology to describe its Privacy Policy, with terms like “we could,” “may” and “might.”

The agency also notes that “Google stores and maintains data for periods of time indeterminate or unjustified,” which goes against Spanish data processing law.

Finally, the AEPD concludes that “Google hinders - and in some cases prevents - the exercise of the rights of access, rectification, cancellation and opposition,” which means users must go through multiple and sometimes complicated processes to manage their personal information.

Google does not acknowledge or accept the fine, according to v3.co.uk.

“We’ve engaged fully with the Spanish DPA throughout this process to explain our privacy policy and how it allows us to create simpler, more effective services, and we’ll continue to do so. We’ll be reading their report closely to determine next steps,” the company said in a statement.