Led by the French, organizations in Britain, the Netherlands, Germany, Spain, and Italy agreed Tuesday on the joint action, with the possibility of imposing fines or restrictions on operations across the entire 27-country European Union.
Last year, the company merged 60 privacy policies from around the world into one universal procedure. The European organizations complain that the policy does not allow users to figure out which information is kept, how it is combined by Google services, or how long it is retained.
The fines’ financial impact on Google would be limited — French privacy watchdog CNIL has the right to fine the company up to $385,000, approximately what it earns in three minutes, based on its projected revenue of $61 billion this year. Britain can fine up to 500,000 pounds, but rarely does.
But legal action would hurt Google’s image and could block its ability to collect such data.
Google dominates the European market for Internet searches. According to one survey, as many as 95 percent of searches in Europe are carried out through Google, compared with about 65 percent in the United States. European regulators have demanded specifics for anyone using Google on what is being collected and a simpler presentation.
Tensions between privacy and the swiftly evolving ability of companies to spin online usage data into vast profits are ramping up, especially in Europe, where privacy laws tend to be strong and nearly every country has a regulatory body. But Internet users have consistently shown a willingness to give up privacy in exchange for convenience and new online services that Google and other tech companies offer.
Google says it merged its myriad privacy policies in March 2012 for the sake of simplicity, and that the changes comply with European laws.
“There is a wider debate going on about personal data and who owns and controls personal data,” said Colin Strong, a technology analyst with GfK. “The question is the extent to which consumers understand the value of their personal data and the extent that they are happy with the trade that they’re getting.”
Each of the six European states bringing legal action has to decide on its own on how to handle perceived violations.
“No one is against Google’s objective of simplicity. It’s legitimate. But it needs to be accompanied by transparence for consumers and the ability to say yes or no,” Isabelle Falque Pierrotin, head of French privacy regulator CNIL, said in a recent interview. “Consumers have the right to know how the information is being used and what’s being done with it.”
But regulations tend to lag behind technology, and the delay is more pronounced in a digital age when small bits of information can offer increasingly lucrative insights into the psyches of consumers or voters.
Proposed Europe-wide data protection legislation will take until at least 2015 to be fully implemented. In the meantime, said Falque Pierrotin, the national privacy regulators must ensure that European consumers are not vulnerable.
Johannes Caspar, a German data protection commissioner, said the policies were vague — Google used the word “may” dozens of times on a page when describing its rights to data.
“Many users don’t even know what is happening with their data and might worry that their private information is used to produce personality profiles of them,” Caspar said.
Though consumers have been using the Internet despite the loss of some data privacy, they appear worried about the potential consequences. The European Commission says 70 percent of EU citizens are concerned about the misuse of their personal data; in the United States, about 65 percent are worried, according to a January 2011 Gallup poll.