Feeds

Google rolls out privacy policy, snubs Euro outcry

Ex-FTC bigwig slams 'arrogant' Choc Factory

SANS - Survey on application security programs

Google has defended its decision to combine around 60 of its privacy policies into one simplified document that makes it clear that users of the company's products and services will be more uniformly tracked by the Chocolate Factory.

The search giant debuted its revised terms of service today, after announcing in late January that it would be tweaking its data-handling policy to cross-pollinate its huge online business with a single ID verification process to more accurately target its users.

Privacy advocates, data protection officials and top lawyers have been hugely critical of the move. Google's privacy policy overhaul even prompted the independent European advisory body on DP the Article 29 Working Group – which is vice-chaired by the UK's Information Commissioner Christopher Graham – to task French regulator CNIL with investigating Google's actions.

The preliminary response from CNIL, as we reported yesterday, was to confirm that Google's changes to its privacy policy did not meet the requirements of the current European 1995 Data Protection law.

Nevertheless Google has implemented the tweaks and defended the move by saying that halting it at this stage would "confuse" the firm's userbase.

At a seminar hosted by Microsoft-backed Brussels' lobbyist ICOMP in London last night, Graham danced around the question of whether Google was in the wrong.

"We don't know if Google is operating outside of EU law... I'm not going to say it isn't lawful as it's being investigated," he said.

Graham had earlier noted that the company's CEO Larry Page deserved some "credit" after Google sent out "consumer alerts" earlier this year, but further pointed out that Page had failed to answer the question on lawfulness levelled at him by CNIL.

Google's UK policy wonk, Theo Bertram, was the one lonely Choc Factory voice at the ICOMP seminar last night. He asked the speaker, ex-US Federal Trade Commissioner Pamela Jones Harbour, to explain how Google could have better communicated the changes to its users.

Jones Harbour, who sits on the Electronic Privacy Information Center's advisory board, declined to answer by saying she didn't speak for Microsoft – a company to which she currently offers legal representation, although in her previous role at the FTC she fought against Redmond over antitrust behaviour relating to the browser market.

After the event, Bertram told The Register that the former commissioner's argument against Google's data-handling and dominance in search would have been much stronger had she provided a more "balanced view" of the current online landscape.

Jones Harbour, who is a partner at Fulbright & Jaworski LLP, countered in a telephone conversation with this reporter this morning that Microsoft's search engine Bing has just 3 per cent market share in Europe, and added that Google's dominance in the online business deserved scrutiny not only by data protection watchdogs but also from antitrust regulators.

The lawyer cited the Article 29 Working Group's previous discussion with Europe's Directorate General for competition about Google's 2007 takeover of ad company DoubleClick.

Those talks didn't lead anywhere, however. Jones Harbour reckons that it's now "time for competition officials to take another look".

It's unclear whether the European Commission might yet widen its current investigation of Google's business practices to work out if that behaviour has been anti-competitive in the EU market by also considering how the company collects data from its users, given today's significant terms of service tweak.

For Jones Harbour, competition and privacy in the online world needs to be much more closely knitted together by antitrust watchdogs then is currently the case.

"The traditional ways of looking at the market don't apply here when it comes to companies such as Google," she said.

The lawyer added that she had never seen a business behave in the way Google had by declining to halt its privacy tweaks while DPAs scrutinised the move.

She claimed that "Google is arrogantly saying 'make me do it' to regulators".

Meanwhile, Google's Alma Whitten reiterated what the privacy policy revamp meant in a blog post confirming that the company had effectively ignored CNIL's request:

"The new policy doesn’t change any existing privacy settings or how any personal information is shared outside of Google. We aren’t collecting any new or additional information about users. We won’t be selling your personal data. And we will continue to employ industry-leading security to keep your information safe." ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.