Feeds

Google tramples over Euro data protection law – French watchdog

37 US attorneys general also 'troubled' by personal info being 'held hostage'

Designing a Defense for Mobile Applications

Google is hours away from changing its terms of service for its users, just as French data protection authority CNIL once again urged Larry Page's company to postpone its planned cut-and-shut tweak to its privacy policies.

It said in a letter (PDF) to Page that CNIL's "preliminary analysis shows that Google's new policy does not meet the requirements of the European Directive on Data Protection (95/46/CE), especially the information provided to data subjects."

The DP watchdog added that it was disappointed by Google's claim that it had "extensively pre-briefed" data protection authorities across the EU. CNIL countered that that wasn't the case.

Those authorities that were told in advance about Google's planned changes to its terms of service only saw the contents of the privacy policy "hours before its public release", CNIL said.

It called on the search engine giant to comply with articles 10 and 11 of the directive, which would require Google to beef up the current wording of its new terms of service document with "specific information" to make its privacy policy about individual products and services much clearer.

Google has recently been insisting publicly that it only really offers one type of service: search results that are underpinned by ads. The company has been trying, at the same time, to make its online estate much stickier. It's a move that dramatically shifts Google away from how it once claimed to do business.

CNIL said it was particularly concerned about how difficult it was to work out which data would be combined with which Google services. Even "trained privacy professionals" struggled to discern exactly what information the company would be tracking online.

The French DP watchdog added that it would send a questionnaire to Google before the middle of next month on behalf of the Article 29 Working Party - which is the EU data protection authority that asked CNIL to investigate Mountain View's incoming privacy changes.

Meanwhile, no less than 37 chief lawyers (PDF) in the US have requested an urgent meeting with Google's CEO ahead of tomorrow's deadline for debuting the data-handling changes.

They said:

We Attorneys General are... concerned that Google’s new privacy policy goes against a respect for privacy that Google has carefully cultivated as a way to attract consumers.

Google boasts that it puts a premium on offering users 'meaningful and fine-grained choices over the use of their personal information,' developing its products and services in ways that prevent personal information from being 'held hostage'.

It has made these and other privacy-respecting representations repeatedly over the years, and many consumers have chosen to use Google products over other products because of these representations. Now these same consumers are having their personal information 'held hostage' within the Google ecosystem.

As The Register has previously noted, Google isn't modifying its existing privacy policies in the sense that it won't suddenly begin collecting more data about its users.

Instead, the company is merging around 60 policies into one major document explaining more generally how it uses the information provided by anyone with a Google account.

But, for many privacy advocates there's a significant catch: Mountain View will be able to build up a much more sophisticated profile of individuals who use its products and services because it will now track its users across its online estate more precisely.

It's hoping that revenue-shy YouTube – which Google bought in 2007 for $1.65bn – will be one such property that benefits from the changes, because from tomorrow the world's largest ad broker will be able to pepper the video-sharing site with relevant search results from information garnered via, for example, Gmail.

This change has in fact been expected for some time, given Page's decision to streamline Google's products and services as well as to heavily brand the company's entire online ranch with Google+ – the Chocolate Factory's social network. In addition, ID signups have effectively been pooled into one account which will rule them all.

And it's that final point that is arguably the most significant. El Reg presaged what some of this stuff would mean for Google users here.

Google, for its part, has tried to bat away many of the concerns expressed by US lawmakers and European data protection watchdogs by issuing mealy-mouthed missives explaining why it thinks it is operating within the law.

The company has been busily notifying all its users of the imminent changes by emailing Gmailers and adding a constant "This stuff matters" message about the privacy policy tweaks to YouTube, search and so on.

The only trouble is, not that many people are listening. Here in the UK, only 12 per cent of Google service users have read the new policy, according to results of a YouGov poll carried out on behalf of civil rights campaigner Big Brother Watch.

Worse still, 47 per cent of those people surveyed didn't even know that Google is about to change its terms of service.

Google's European privacy counsel Peter Fleischer reiterated to CNIL that Mountain View would not be halting the changes to the firm's privacy policy.

"To pause now would cause a great deal of confusion for users," he said, before adding: "We have given well over a month for our users to read and understand the privacy policy changes, and have provided extensive information on these changes for our users." ®

Securing Web Applications Made Simple and Scalable

More from The Register

next story
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
LightSquared backer sues FCC over spectrum shindy
Why, we might as well have been buying AIR
'Two-speed internet' storm turns FCC.gov into zero-speed website
Deadline for comments on net neutrality shake-up extended to Friday
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.