Don't expect Google's "conscious home" to keep things private…

Two interesting Google-related news stories broke over the last few days. The first is that France’s data protection authority, CNIL, has issued the search giant with an 150,000 euro fine after ruling its privacy policy violated the French Data Protection Act. And the second is that Google has confirmed the $3.2 billion purchase of Nest, a company that develops internet connected home appliances and – in its own words – wants to “realize our vision of the conscious home.” So we have a company that ’s repeatedly violated privacy laws buying a company that wants to make your home “conscious” - sounds like the plot of a bad sci-fi movie.

Impotent regulation

While it’s great news that CNIL has taken action against Google, the penalties imposed are laughable. Google’s last fiscal statement revealed profits of $2.97 billion – and that’s just for a single quarter. One hundred an fifty thousand euros is pocket change (despite being the largest fine the CNIL has issued to date) and if that’s all the regulator can impose then the message is loud and clear: The regulation is not working. How can you expect companies as big as Google to take laws seriously if the only repercussion is a mild slap on the wrist?

We’ve been here before when Google was issued with a $22.5 million fine back in the summer of 2012 by the US Federal Trade Commission. That was the biggest fine in the history of the FTC (Google seems to building quite the track record) but, given CNIL’s ruling,  it obviously didn’t have much of an impact on Mountain View’s approach to privacy.

Google’s dismissive attitude toward regulators goes back even further. The FTC’s record fine was due to Google’s inability to submit privacy audits and the privacy audits were requested because Google was guilty of deceiving users and violating its own privacy policy, when it launched the failed social network Buzz.

Even worse was when Google lied to British and German regulators about collecting data from unsecure WiFi hotspots via its Street Cars. Google said the data collection was a simple mistake, until the US’ Federal Communications Commission investigated and discovered the cars were specifically designed to collect the information. What did the regulators do? Pretty much nothing.

Google too big to fail?

So now we’re expected to believe Google won’t violate more privacy laws when it gets to control your toaster. Perhaps Google becoming too big to fail, just like the banks. It’s already arguably the most important internet company in the world and has huge resources and a great deal of clout with policy makers. Plus imagine if regulators actually got tough and threatened to limit Google’s services in their markets - I’m betting most people would have Google violate their privacy, rather than be cut off from its multitude of services (which span search, email, maps, storage and mobile ecosystems).

Without strong regulators, and with the ‘internet of things’ around the corner, this situation is only going to get worse. Google has proven over and over again that it cannot be trusted. Now it’s bought Nest, it’s seems we’re steadily marching toward a world where Google’s tendrils extend into a multitude of home appliances. Who wants a “conscious home” when the consciousness cannot be trusted to keep things to itself?

Comments icon
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to
Tags: Privacy




Then why use Google Analytics on your website? Isn’t it weird for a VPN provider? Anonymity is it compatible with this Google tracking service?

Alternatives exist, Piwik for example (free software).

Most people don't need a commercial VPN to work from home securely

Posted on April 7, 2020 by Nick Pestell

Many small businesses and their employees are concerned about the security of their data whilst working from home during the coronavirus pandemic. We see a lot of confusion surrounding this topic, even from fairly technical folk and there is unfortunately a lot of misinformation being spread by commercial VPN providers themselves.

You can't always get what you want: the eternal conflict between lawful access and privacy

Posted on April 19, 2018 by mirimir

In late March, the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act) took effect. And predictably, the US Supreme Court just dismissed United States v. Microsoft Corp. In that case, Microsoft was fighting a subpoena for data stored in an Irish data center.

Protect yourself today and get peace of mind

Shut out hackers, identity thieves and the global government surveillance apparatus — every time you go online.