Feeds

Google tramples over Euro data protection law – French watchdog

37 US attorneys general also 'troubled' by personal info being 'held hostage'

The Power of One Infographic

Google is hours away from changing its terms of service for its users, just as French data protection authority CNIL once again urged Larry Page's company to postpone its planned cut-and-shut tweak to its privacy policies.

It said in a letter (PDF) to Page that CNIL's "preliminary analysis shows that Google's new policy does not meet the requirements of the European Directive on Data Protection (95/46/CE), especially the information provided to data subjects."

The DP watchdog added that it was disappointed by Google's claim that it had "extensively pre-briefed" data protection authorities across the EU. CNIL countered that that wasn't the case.

Those authorities that were told in advance about Google's planned changes to its terms of service only saw the contents of the privacy policy "hours before its public release", CNIL said.

It called on the search engine giant to comply with articles 10 and 11 of the directive, which would require Google to beef up the current wording of its new terms of service document with "specific information" to make its privacy policy about individual products and services much clearer.

Google has recently been insisting publicly that it only really offers one type of service: search results that are underpinned by ads. The company has been trying, at the same time, to make its online estate much stickier. It's a move that dramatically shifts Google away from how it once claimed to do business.

CNIL said it was particularly concerned about how difficult it was to work out which data would be combined with which Google services. Even "trained privacy professionals" struggled to discern exactly what information the company would be tracking online.

The French DP watchdog added that it would send a questionnaire to Google before the middle of next month on behalf of the Article 29 Working Party - which is the EU data protection authority that asked CNIL to investigate Mountain View's incoming privacy changes.

Meanwhile, no less than 37 chief lawyers (PDF) in the US have requested an urgent meeting with Google's CEO ahead of tomorrow's deadline for debuting the data-handling changes.

They said:

We Attorneys General are... concerned that Google’s new privacy policy goes against a respect for privacy that Google has carefully cultivated as a way to attract consumers.

Google boasts that it puts a premium on offering users 'meaningful and fine-grained choices over the use of their personal information,' developing its products and services in ways that prevent personal information from being 'held hostage'.

It has made these and other privacy-respecting representations repeatedly over the years, and many consumers have chosen to use Google products over other products because of these representations. Now these same consumers are having their personal information 'held hostage' within the Google ecosystem.

As The Register has previously noted, Google isn't modifying its existing privacy policies in the sense that it won't suddenly begin collecting more data about its users.

Instead, the company is merging around 60 policies into one major document explaining more generally how it uses the information provided by anyone with a Google account.

But, for many privacy advocates there's a significant catch: Mountain View will be able to build up a much more sophisticated profile of individuals who use its products and services because it will now track its users across its online estate more precisely.

It's hoping that revenue-shy YouTube – which Google bought in 2007 for $1.65bn – will be one such property that benefits from the changes, because from tomorrow the world's largest ad broker will be able to pepper the video-sharing site with relevant search results from information garnered via, for example, Gmail.

This change has in fact been expected for some time, given Page's decision to streamline Google's products and services as well as to heavily brand the company's entire online ranch with Google+ – the Chocolate Factory's social network. In addition, ID signups have effectively been pooled into one account which will rule them all.

And it's that final point that is arguably the most significant. El Reg presaged what some of this stuff would mean for Google users here.

Google, for its part, has tried to bat away many of the concerns expressed by US lawmakers and European data protection watchdogs by issuing mealy-mouthed missives explaining why it thinks it is operating within the law.

The company has been busily notifying all its users of the imminent changes by emailing Gmailers and adding a constant "This stuff matters" message about the privacy policy tweaks to YouTube, search and so on.

The only trouble is, not that many people are listening. Here in the UK, only 12 per cent of Google service users have read the new policy, according to results of a YouGov poll carried out on behalf of civil rights campaigner Big Brother Watch.

Worse still, 47 per cent of those people surveyed didn't even know that Google is about to change its terms of service.

Google's European privacy counsel Peter Fleischer reiterated to CNIL that Mountain View would not be halting the changes to the firm's privacy policy.

"To pause now would cause a great deal of confusion for users," he said, before adding: "We have given well over a month for our users to read and understand the privacy policy changes, and have provided extensive information on these changes for our users." ®

The Power of One Brief: Top reasons to choose HP BladeSystem

More from The Register

next story
Sit back down, Julian Assange™, you're not going anywhere just yet
Swedish court refuses to withdraw arrest warrant
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
British cops cuff 660 suspected paedophiles
Arrests people allegedly accessing child abuse images online
LightSquared backer sues FCC over spectrum shindy
Why, we might as well have been buying AIR
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.