The data protection authorities of the German city of Hamburg are the latest to order Google to clean up its act on privacy.
Hamburg privacy regulator Johannes Caspar said Tuesday that, last week, he ordered [company]Google[/company] to “take the necessary technical and organisational measures to guarantee that their users can decide on their own if and to what extend their data is used for profiling.” Google said in a statement that it is “now studying their order to determine next steps.”
Here’s what a clearly frustrated Caspar said in his statement:
In various meetings with Google we could achieve some improvements concerning the information of users. Nevertheless on the substantial issue of combining user data across services Google has not been willing to abide to the legally binding rules and refused to substantially improve the user’s controls. So we had to compel Google to do so by an administrative order. Our requirements aim at a fair balance between the concerns of the company and its users. The issue is up to Google now. The company must treat the data of its millions of users in a way that respects their privacy adequately while they use the various services of the company.
If the company ignores the demand – as it effectively has with every other such order elsewhere in Europe – it may be liable for a €1 million ($1.26 million) fine, which is pocket change for the firm. Caspar’s department has already fined Google over the Street View Wi-Fi-sniffing scandal, while grumbling at the low limit on the fine they could levy.
This is pretty much the same deal as in Italy and Spain and France. National privacy regulators are working together to coordinate their efforts to enforce this law but, while Google does “engage fully” with them, it invariably ends up changing little to nothing. Google’s deep pockets mean it can break the law and laugh it off each and every time, and this will not change until new laws allow for much higher fines.