Italy Slaps Google With Tougher Privacy Regulations


Italian regulators have slapped Google with stricter regulations that should change how the company stores and collects user data, a move that closes out a year-long European investigation into Google’s privacy practices, Reuters reported.

The new regulations mean Google will need consent before tracking people’s data and using it for advertising. Google must also delete users’ data every two months. The Internet giant has until September to submit a plan detailing how it will comply with the new rules within the next 18 months. If it fails to meet the new standards, the company could face fines upwards of $1.35 million (1 million euros) if it doesn’t make the changes.

The regulation change, announced Monday, came after Google changed its privacy rules automatically unified a user’s data across multiple platforms including its email service Gmail, social network Google+, and YouTube, the popular video sharing site, with no way to separate them. Italian data protection regulators decided Google’s current privacy policy insufficiently explained how users’ data was being treated, and didn’t meet violated local privacy laws, according to Reuters.

Google has bumped heads with Italy before. The government unsuccessfully tried to impose a “Web tax” on the tech company simply because it operated in the country, and local Google officials were found guilty of violating Italy’s privacy laws. But all U.S.-based tech companies have drawn criticism overseas regarding their privacy practices — or lack thereof. Europe already has tougher privacy laws than the United States, but has cracked down even harder in the last year since leaked documents revealed that the U.S.’ extensive National Security Agency (NSA) program used tech companies, such as Google, to snoop on governments’ and ordinary citizens’ communications in the U.S. and abroad.

International governments since have taken measures to curtail the NSA’s reach by reverting back to outdated technology. Russia and German officials recently said they certain agencies would go back to using typewriters and handwritten notes to keep the NSA from electronically eavesdropping on their communications. Despite the country’s own surveillance controversies, a Chinese news outlet accused tech giant Apple, which was a part of the NSA surveillance program, of tracking China’s citizens and gathering information on government secrets through iPhones and other mobile devices.

Tech companies have fought back against the negative publicity from the NSA leaks by speaking out against the surveillance program and rallying for greater transparency. But the companies have yet to completely address their privacy practices outside of government surveillance. European regulators have repeatedly criticized the likes of Google and Facebook for their dragnet collection of consumer data that blur the line between privacy and convenience. To help remedy that, the European Union’s high court decided Google had to unlink old or irrelevant information from it’s search engine based on consumers’ requests as part of its “right to be forgotten” ruling.

While the controversial ruling raises free speech concerns and has been criticized as impossible to enforce, it exemplifies how other countries prioritize and respond to privacy concerns. The U.S. has been slow to adopt — or enforce — sweeping privacy policies that would reign in Big Data and companies’ collection habits. Compared to the U.S., the EU’s privacy laws emphasize citizens’ rights to control their personal information and making companies — both local and abroad — accountable.

American data protection laws are relatively lax, except when it comes to medical records, and rely on private sector businesses govern themselves on privacy issues. That could change, though, as the NSA leaks and the rising number of data breaches are inspiring Americans to become increasingly concerned with data privacy. So far, U.S. consumers have pushed for greater privacy by using web encryption more and advocating for legislators to consider tougher laws that protect personal data collected by private companies and the government.