Google is no stranger to the sting of regulatory oversight, but the coming storm in Europe over privacy may dwarf any punishment it has yet endured. Investors in the cloud computing giant breathed a sigh of relief when the Federal Trade Commission in the U.S. ended its investigation into the company, though Google's acquiescence to some of the FTC's requests marked a change in its relationship with regulators. Still, if the rumblings from European authorities are anything to go by, Google will soon face much stiffer headwinds on the continent.
When Google Street View cars were found to be accidentally harvesting data from nearby Wi-Fi networks, France's privacy watchdog CNIL fined Google €100,000, the agency's largest ever fine. And CNIL didn't find any evidence that Google had done anything with the data it claims to have accidentally gathered – merely being caught in posession of it apparently raised European hackles. The CNIL fine was the beginning of a torrent of outrage that has seemed to swell in recent months. Last fall, CNIL again investigated Google (this time at the behest of the EU), insisting its privacy policy, covering all of its services, did not conform to European law, and that they would impose fines if the policy wasn't modified within months.
To add insult to injury, French Technology Minister Fleur Pellerin suggested that Google ought to start paying for the web's infrastructure, too. "We need to ask serious questions about how Web companies can put some money into networks," he said, with what we hope was a wink and a gesture mimicking the rubbing of two bills together.
Additionally, an EU committee is scheduled to meet on Thursday to mull over a major data-security policy change, one which would require companies such as Google and Facebook to make all of the data it has on an individual available to be downloaded, for free, at any time. The cost of implementing such a program would be significant, and the fines for not following the new rules would be considerable; a Deloitte report estimates that, with maximum proposed fines topping out at 2 per cent of worldwide annual revenue, a breach could cost Google as much as $580-million. If a much more restrictive policy is implemented, it would give North American regulators a powerful bargaining chip for the next round of negotiations.
In the meantime, investors ought to start factoring regulatory risk, or even a partial retreat (eliminating services that rely heavily on personal data) from the European market, into their valuations of social media companies. During one part of the Google Street View dispute, Google threatened to pull Street View out of Europe entirely. If the regulatory burdens squeeze out profitability for some of its services, Google might simply take those particular balls out of the European courts and go home.