Feeds

Google tramples over Euro data protection law – French watchdog

37 US attorneys general also 'troubled' by personal info being 'held hostage'

Reducing the cost and complexity of web vulnerability management

Google is hours away from changing its terms of service for its users, just as French data protection authority CNIL once again urged Larry Page's company to postpone its planned cut-and-shut tweak to its privacy policies.

It said in a letter (PDF) to Page that CNIL's "preliminary analysis shows that Google's new policy does not meet the requirements of the European Directive on Data Protection (95/46/CE), especially the information provided to data subjects."

The DP watchdog added that it was disappointed by Google's claim that it had "extensively pre-briefed" data protection authorities across the EU. CNIL countered that that wasn't the case.

Those authorities that were told in advance about Google's planned changes to its terms of service only saw the contents of the privacy policy "hours before its public release", CNIL said.

It called on the search engine giant to comply with articles 10 and 11 of the directive, which would require Google to beef up the current wording of its new terms of service document with "specific information" to make its privacy policy about individual products and services much clearer.

Google has recently been insisting publicly that it only really offers one type of service: search results that are underpinned by ads. The company has been trying, at the same time, to make its online estate much stickier. It's a move that dramatically shifts Google away from how it once claimed to do business.

CNIL said it was particularly concerned about how difficult it was to work out which data would be combined with which Google services. Even "trained privacy professionals" struggled to discern exactly what information the company would be tracking online.

The French DP watchdog added that it would send a questionnaire to Google before the middle of next month on behalf of the Article 29 Working Party - which is the EU data protection authority that asked CNIL to investigate Mountain View's incoming privacy changes.

Meanwhile, no less than 37 chief lawyers (PDF) in the US have requested an urgent meeting with Google's CEO ahead of tomorrow's deadline for debuting the data-handling changes.

They said:

We Attorneys General are... concerned that Google’s new privacy policy goes against a respect for privacy that Google has carefully cultivated as a way to attract consumers.

Google boasts that it puts a premium on offering users 'meaningful and fine-grained choices over the use of their personal information,' developing its products and services in ways that prevent personal information from being 'held hostage'.

It has made these and other privacy-respecting representations repeatedly over the years, and many consumers have chosen to use Google products over other products because of these representations. Now these same consumers are having their personal information 'held hostage' within the Google ecosystem.

As The Register has previously noted, Google isn't modifying its existing privacy policies in the sense that it won't suddenly begin collecting more data about its users.

Instead, the company is merging around 60 policies into one major document explaining more generally how it uses the information provided by anyone with a Google account.

But, for many privacy advocates there's a significant catch: Mountain View will be able to build up a much more sophisticated profile of individuals who use its products and services because it will now track its users across its online estate more precisely.

It's hoping that revenue-shy YouTube – which Google bought in 2007 for $1.65bn – will be one such property that benefits from the changes, because from tomorrow the world's largest ad broker will be able to pepper the video-sharing site with relevant search results from information garnered via, for example, Gmail.

This change has in fact been expected for some time, given Page's decision to streamline Google's products and services as well as to heavily brand the company's entire online ranch with Google+ – the Chocolate Factory's social network. In addition, ID signups have effectively been pooled into one account which will rule them all.

And it's that final point that is arguably the most significant. El Reg presaged what some of this stuff would mean for Google users here.

Google, for its part, has tried to bat away many of the concerns expressed by US lawmakers and European data protection watchdogs by issuing mealy-mouthed missives explaining why it thinks it is operating within the law.

The company has been busily notifying all its users of the imminent changes by emailing Gmailers and adding a constant "This stuff matters" message about the privacy policy tweaks to YouTube, search and so on.

The only trouble is, not that many people are listening. Here in the UK, only 12 per cent of Google service users have read the new policy, according to results of a YouGov poll carried out on behalf of civil rights campaigner Big Brother Watch.

Worse still, 47 per cent of those people surveyed didn't even know that Google is about to change its terms of service.

Google's European privacy counsel Peter Fleischer reiterated to CNIL that Mountain View would not be halting the changes to the firm's privacy policy.

"To pause now would cause a great deal of confusion for users," he said, before adding: "We have given well over a month for our users to read and understand the privacy policy changes, and have provided extensive information on these changes for our users." ®

Security and trust: The backbone of doing business over the internet

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.