After almost two years of back and forth with Google, the
French CNIL has, similarly to the Spanish Data Protection authority
(€900,000 fine), sanctioned Google with a €150,000 fine,
as Google refused to review its integrated platform and to modify
In addition to this fine, the CNIL has ordered Google to post a
warning on Google's French home page within eight days after
the CNIL's notification, and during two days reflecting this
Google has decided to appeal the CNIL's condemnation in
front of the French Council of State ("Conseil
d'Etat"), France's highest administrative
jurisdiction, in order to obtain the cancellation or reversal of
One could wonder why Google puts so much energy into trying to
reverse a condemnation that is "bearable" from a
financial point of view: there are at least two reasons for
First, the warning to be posted being the "real"
condemnation – as it is deemed to be displayed to millions of
Google users – Google has no other choice but to appeal the
decision in order to avoid it. And as the appeal does not hinder
the immediate enforceability of the sanction, Google had
simultaneously introduced a petition for suspension before the
The hearing is scheduled to take place February 6, 2014.
Second, and more importantly, this condemnation could be the
first step before criminal penalties this time: the French criminal
code provides that failure to comply with the French Data
Protection Act shall be punished per infringement with a fine of
€300,000 and imprisonment of up to five years.
These sanctions can only be ordered if the CNIL has issued
before an "administrative" sanction it has alone the
power to take. This is what happened earlier this month.
Note that according to article 131-38 of the French Criminal
Code, if a legal person is being convicted, the amount of the fine
is multiplied by five, and in addition by two in case of
Therefore, on that basis, Google could face a risk of being
convicted to a fine of €1.5 million or even €3 million
for recidivism, per infringement.
There lies a real financial threat since, after this first
"administrative" fine has been ordered by the CNIL, a
criminal case could now follow.
The legal proceedings against Google in France may only have
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).