Google is facing enforcement action and possibly fines in six EU member states for violating EU privacy law. The six countries are: France, Germany, Italy, the Netherlands, Spain and the U.K.
What could happen now?
National proceedings and sanction authorities in the member states differ from each other. For example in Belgium, the DPA has limited power to serve fines; while France and Germany have extensive authority but use it in very different ways depending on the case in question. The U.K.’s Information Commissioner’s Office can impose a fine up to £500,000 ($758,000) against a company which breaches U.K. data and privacy laws. So, each DPA will have to impose their own fines separately and maximum fines vary by region.
The types and levels of sanctions of the different DPAs which depend on national laws can include: relatively informal guidance; recommendations; formal warnings; administrative sanctions; investigations; blocking of data processing or transfers and finally, criminal sanctions.
It looks like there is a big chance that if Google maintains its unwillingness to modify its policy, the Working Group will coordinate repressive action via the member states against it. This could lead to other member states preventing other companies, particularly Google, from similar actions in the future by imposing high fines quickly as due precedence has been achieved.
This is an ongoing case and I shall be revisiting it in the near future…