With Google already trying to contain the damage to its reputation from the National Security Agency (NSA) leaks, it now risks another dent to its image, as European privacy officials threaten to fine the company for sucking up vast amounts of user information without explaining the purpose.
On Thursday, French officials gave Google three months to explain how long it stores the information it gathers through Gmail, YouTube and other services, and to explain why it is collecting it. If Google fails to comply, which looks possible, it could face fines in France of up to about $400,000. “We realized that they are collecting a huge amount of data on each of us, and most people know nothing about this,” Isabelle Falque-Pierrotin, president of France’s National Commission on Computing and Freedom, told TIME on Thursday. “It is time for action.”
Of course, the fines alone are unlikely to work: they are a piddling amount for Google, whose market cap is close to $300 billion; it earned about $14 billion in the first quarter of this year, much of it from targeted ads through collecting user data. On Thursday, a British privacy activist Nick Pickles told the Associated Press that he worried that the fines “won’t be a particularly strong deterrent, that Google may see it as the price of doing business.”
Still, the fines in Europe could begin to add up, if each of the E.U.’s 27 members follow France’s lead. The French decision on Thursday was part of a joint action with Germany, Italy, the Netherlands, Britain and Spain, all of which have said they too are weighing whether to fine Google. The penalties could also increase, if the E.U.’s privacy commissioner Viviane Reding succeeds in pushing through an increase in maximum fines on tech companies, from a maximum of about $800,000 to 2% of global sales.
The true potential damage is to Google’s reputation, however. Although the timing is coincidental — the E.U. countries last October gave Google four months to respond — France’s decision comes just 10 days after NSA contractor Edward Snowden blew the whistle on the agency’s Prism program. Snowden revealed that the government had access to mountains of user data from tech companies, Google among them, and sent the industry scrambling to show how the government had compelled it reluctantly to turn over data.
Clearly, the case against Google’s privacy policies is an unrelated issue. But coming so soon after Snowden’s leaked information, it could add to doubts people have about how private their online lives are. In Europe, the NSA leak has been explosive news, and to many, it has shown the U.S. tech giants having far too great a power over Europeans’ lives. “We didn’t imagine the Prism events, but the whole environment now is putting more pressure on actors like Google,” says Falque-Pierrotin. In pursuing her case, she said she became increasingly aware that while U.S. tech companies should be free to do commerce, the real problem was how opaque their data collection was. “We say, ‘Your ambition is to be the hub of our digital life, fine, that’s your business,’” she says. “But the market needs transparency and trust.”