14 May 2014

Hamburg Datenschutz v Google

Bloomberg reports that the Hamburgischen Beauftragten für Datenschutz und Informationsfreiheit (HmbBfDI or Datenschutz) is planning to order Google to change its data-handling practices in the near future on the basis that the US-based search engine service is violating German data protection rules by compiling customer data without asking for consent.

Datenschutz executive Dr Johannes Caspar is reported as commenting that
By compiling data from its different services under a single user ID, Google has access to an in-depth personal profile of its users. 
Google has to respect its users’ right of self-determination
Last year the Datenschutz imposed a €145,000 euros for collecting wireless-network data over 2008 to 2010 as part of Street View.

The latest expressions of disquiet follow CNIL's imposition of a €150,000 penalty in January, an earlier €900,000 penalty in Spain by the Agencia Española de Protección de Datos (AEPD) noted here and a €1m penalty in Italy over Street View.

Bloomberg notes that.
The EU is seeking to empower national agencies to go beyond current penalties, to make sanctioning global companies more effective. Lawmakers are weighing proposals to fines of as much as 100 million euros or 5 percent of yearly global sales for privacy violations.
The report coincides with the 'right to be forgotten' judgment discussed here.