Feeds

Google tramples over Euro data protection law – French watchdog

37 US attorneys general also 'troubled' by personal info being 'held hostage'

Boost IT visibility and business value

Google is hours away from changing its terms of service for its users, just as French data protection authority CNIL once again urged Larry Page's company to postpone its planned cut-and-shut tweak to its privacy policies.

It said in a letter (PDF) to Page that CNIL's "preliminary analysis shows that Google's new policy does not meet the requirements of the European Directive on Data Protection (95/46/CE), especially the information provided to data subjects."

The DP watchdog added that it was disappointed by Google's claim that it had "extensively pre-briefed" data protection authorities across the EU. CNIL countered that that wasn't the case.

Those authorities that were told in advance about Google's planned changes to its terms of service only saw the contents of the privacy policy "hours before its public release", CNIL said.

It called on the search engine giant to comply with articles 10 and 11 of the directive, which would require Google to beef up the current wording of its new terms of service document with "specific information" to make its privacy policy about individual products and services much clearer.

Google has recently been insisting publicly that it only really offers one type of service: search results that are underpinned by ads. The company has been trying, at the same time, to make its online estate much stickier. It's a move that dramatically shifts Google away from how it once claimed to do business.

CNIL said it was particularly concerned about how difficult it was to work out which data would be combined with which Google services. Even "trained privacy professionals" struggled to discern exactly what information the company would be tracking online.

The French DP watchdog added that it would send a questionnaire to Google before the middle of next month on behalf of the Article 29 Working Party - which is the EU data protection authority that asked CNIL to investigate Mountain View's incoming privacy changes.

Meanwhile, no less than 37 chief lawyers (PDF) in the US have requested an urgent meeting with Google's CEO ahead of tomorrow's deadline for debuting the data-handling changes.

They said:

We Attorneys General are... concerned that Google’s new privacy policy goes against a respect for privacy that Google has carefully cultivated as a way to attract consumers.

Google boasts that it puts a premium on offering users 'meaningful and fine-grained choices over the use of their personal information,' developing its products and services in ways that prevent personal information from being 'held hostage'.

It has made these and other privacy-respecting representations repeatedly over the years, and many consumers have chosen to use Google products over other products because of these representations. Now these same consumers are having their personal information 'held hostage' within the Google ecosystem.

As The Register has previously noted, Google isn't modifying its existing privacy policies in the sense that it won't suddenly begin collecting more data about its users.

Instead, the company is merging around 60 policies into one major document explaining more generally how it uses the information provided by anyone with a Google account.

But, for many privacy advocates there's a significant catch: Mountain View will be able to build up a much more sophisticated profile of individuals who use its products and services because it will now track its users across its online estate more precisely.

It's hoping that revenue-shy YouTube – which Google bought in 2007 for $1.65bn – will be one such property that benefits from the changes, because from tomorrow the world's largest ad broker will be able to pepper the video-sharing site with relevant search results from information garnered via, for example, Gmail.

This change has in fact been expected for some time, given Page's decision to streamline Google's products and services as well as to heavily brand the company's entire online ranch with Google+ – the Chocolate Factory's social network. In addition, ID signups have effectively been pooled into one account which will rule them all.

And it's that final point that is arguably the most significant. El Reg presaged what some of this stuff would mean for Google users here.

Google, for its part, has tried to bat away many of the concerns expressed by US lawmakers and European data protection watchdogs by issuing mealy-mouthed missives explaining why it thinks it is operating within the law.

The company has been busily notifying all its users of the imminent changes by emailing Gmailers and adding a constant "This stuff matters" message about the privacy policy tweaks to YouTube, search and so on.

The only trouble is, not that many people are listening. Here in the UK, only 12 per cent of Google service users have read the new policy, according to results of a YouGov poll carried out on behalf of civil rights campaigner Big Brother Watch.

Worse still, 47 per cent of those people surveyed didn't even know that Google is about to change its terms of service.

Google's European privacy counsel Peter Fleischer reiterated to CNIL that Mountain View would not be halting the changes to the firm's privacy policy.

"To pause now would cause a great deal of confusion for users," he said, before adding: "We have given well over a month for our users to read and understand the privacy policy changes, and have provided extensive information on these changes for our users." ®

Build a business case: developing custom apps

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.