Feeds

Google tramples over Euro data protection law – French watchdog

37 US attorneys general also 'troubled' by personal info being 'held hostage'

Providing a secure and efficient Helpdesk

Google is hours away from changing its terms of service for its users, just as French data protection authority CNIL once again urged Larry Page's company to postpone its planned cut-and-shut tweak to its privacy policies.

It said in a letter (PDF) to Page that CNIL's "preliminary analysis shows that Google's new policy does not meet the requirements of the European Directive on Data Protection (95/46/CE), especially the information provided to data subjects."

The DP watchdog added that it was disappointed by Google's claim that it had "extensively pre-briefed" data protection authorities across the EU. CNIL countered that that wasn't the case.

Those authorities that were told in advance about Google's planned changes to its terms of service only saw the contents of the privacy policy "hours before its public release", CNIL said.

It called on the search engine giant to comply with articles 10 and 11 of the directive, which would require Google to beef up the current wording of its new terms of service document with "specific information" to make its privacy policy about individual products and services much clearer.

Google has recently been insisting publicly that it only really offers one type of service: search results that are underpinned by ads. The company has been trying, at the same time, to make its online estate much stickier. It's a move that dramatically shifts Google away from how it once claimed to do business.

CNIL said it was particularly concerned about how difficult it was to work out which data would be combined with which Google services. Even "trained privacy professionals" struggled to discern exactly what information the company would be tracking online.

The French DP watchdog added that it would send a questionnaire to Google before the middle of next month on behalf of the Article 29 Working Party - which is the EU data protection authority that asked CNIL to investigate Mountain View's incoming privacy changes.

Meanwhile, no less than 37 chief lawyers (PDF) in the US have requested an urgent meeting with Google's CEO ahead of tomorrow's deadline for debuting the data-handling changes.

They said:

We Attorneys General are... concerned that Google’s new privacy policy goes against a respect for privacy that Google has carefully cultivated as a way to attract consumers.

Google boasts that it puts a premium on offering users 'meaningful and fine-grained choices over the use of their personal information,' developing its products and services in ways that prevent personal information from being 'held hostage'.

It has made these and other privacy-respecting representations repeatedly over the years, and many consumers have chosen to use Google products over other products because of these representations. Now these same consumers are having their personal information 'held hostage' within the Google ecosystem.

As The Register has previously noted, Google isn't modifying its existing privacy policies in the sense that it won't suddenly begin collecting more data about its users.

Instead, the company is merging around 60 policies into one major document explaining more generally how it uses the information provided by anyone with a Google account.

But, for many privacy advocates there's a significant catch: Mountain View will be able to build up a much more sophisticated profile of individuals who use its products and services because it will now track its users across its online estate more precisely.

It's hoping that revenue-shy YouTube – which Google bought in 2007 for $1.65bn – will be one such property that benefits from the changes, because from tomorrow the world's largest ad broker will be able to pepper the video-sharing site with relevant search results from information garnered via, for example, Gmail.

This change has in fact been expected for some time, given Page's decision to streamline Google's products and services as well as to heavily brand the company's entire online ranch with Google+ – the Chocolate Factory's social network. In addition, ID signups have effectively been pooled into one account which will rule them all.

And it's that final point that is arguably the most significant. El Reg presaged what some of this stuff would mean for Google users here.

Google, for its part, has tried to bat away many of the concerns expressed by US lawmakers and European data protection watchdogs by issuing mealy-mouthed missives explaining why it thinks it is operating within the law.

The company has been busily notifying all its users of the imminent changes by emailing Gmailers and adding a constant "This stuff matters" message about the privacy policy tweaks to YouTube, search and so on.

The only trouble is, not that many people are listening. Here in the UK, only 12 per cent of Google service users have read the new policy, according to results of a YouGov poll carried out on behalf of civil rights campaigner Big Brother Watch.

Worse still, 47 per cent of those people surveyed didn't even know that Google is about to change its terms of service.

Google's European privacy counsel Peter Fleischer reiterated to CNIL that Mountain View would not be halting the changes to the firm's privacy policy.

"To pause now would cause a great deal of confusion for users," he said, before adding: "We have given well over a month for our users to read and understand the privacy policy changes, and have provided extensive information on these changes for our users." ®

Beginner's guide to SSL certificates

More from The Register

next story
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.