The CNIL’s Sanctions Committee issues a 150 000 € monetary penalty to GOOGLE Inc.
On 3 January 2014, the CNIL’s Sanctions Committee issued a 150 000 € monetary penalty to GOOGLE Inc. upon considering that the privacy policy implemented since 1 March 2012 does not comply with the French Data Protection Act. It ordered the company to publish a communiqué on this decision on its homepage Google.fr, within eight days as of its notification.
Does your web site / web service / web application have a privacy policy?
Was that privacy policy written by lawyers who may or may not understand your business and may or may not understand that European states like France have their own regulation of privacy?
You may be facing a stiff penalty for having a non-compliant privacy policy.
The CNIL penalty on Google is a wake-up call.
Thousands of service providers just like you are sitting on the fence and wondering how to comply with European and French privacy regulation as fast and as effective as possible.
Where do you start?
We’re here to help you get going fast with some common Q&A
Q. Is my existing privacy policy sufficient?
A. Maybe. Maybe not. A 2 hour review with with us will give you a clear picture of what you need to do. After the review we will help you rewrite your your privacy policy and terms of service in order to minimize your exposure. For starters, here are 4 points you need to cover:
- Does your site sufficiently inform its users of the conditions in which their personal data are processed?
- Does your site obtain user consent prior to the storage of cookies?
- Does your site define retention periods applicable to the data which it processes?
- Does your site permit itself to combine all the data it collects about its users?
Q. What special systems or security products are required?
A. None. Security defenses are a mistake. See the next question and answer.
Q. How many hours should I budget for Data Protection compliance? How should I protect my data?
A. We have an 8 week plan to take you from zero to full Data Protection compliance – budget 6 hours / week and you will get there. You also need to identify and mitigate vulnerabilities in your Web site – our Practical Threat Analysis process will pinpoint what you need to do from a perspective of policies and procedures, cloud servers and application security.
Q. What do I do when I complete the 8 week plan for Data Protection compliance?
A. Well, you’ll be sitting on a much more robust system of technical, administrative, policy and procedural controls so go out and have some fun – you deserve it!
If you provide digital services in countries like France and the UK who have local database registration requirements – we will help you comply with local CNIL and UK Data Commissioner requirements.
See CNIL Sanctions on Google for the full story.