Google's New Privacy Policy Breaches European Law, Say Data Regulators

Google should delay introduction of the policy until European regulators have completed an investigation of the changes

By Peter Sayer
Tue, February 28, 2012

IDG News Service (Paris Bureau) — Google's new privacy policy does not comply with European data protection law, and the company should delay its introduction pending an investigation of the changes, the French data privacy regulator told Google CEO Larry Page in a letter on Monday. But the company said once again that it will press ahead with the new policy, set to go live on Thursday.

The French National Commission on Computing and Liberty (CNIL) wrote to Page to express the concerns of the Article 29 Working Group, an umbrella body for data protection regulators from European Union member states.

Page did not respond directly: The company's reply was signed on behalf of Google Global Privacy Counsel Peter Fleischer.

The Article 29 Working Group's chairman, Jacob Kohnstamm, had already written to Page on Feb. 2 asking the company to delay introduction of the new policy, but Google said then it had no intention of doing so.

In Google's latest refusal to comply, Fleischer said: "We have been keen to meet with the CNIL as lead authority on this matter and have reached out to your office on several occasions both prior to and since receiving Mr Kohnstamm's letter."

But, he continued, "Google are not in a position to pause the worldwide launch of our new privacy policy. [...] To pause now would cause a great deal of confusion for users."

User confusion is one of the reasons that CNIL and the other European data protection regulators want Google to reconsider its new policy.

The new policy essentially says that Google will use information from any one of its services to influence the performance of any of the others -- so someone's search results may be influenced by the content of their Gmail messages or the videos they watched on YouTube, or by their contacts, friends and followers across Google services.

CNIL president Isabelle Falque-Pierrotin told Google she welcomed Google's attempts to streamline and simplify its policies, but said that this should not happen at the expense of transparency or reader comprehension.

"The new privacy policy provides only general information about all the services and types of personal data Google processes. As a consequence, it is impossible for average users who read the new policy to distinguish which purposes, collected data, recipients or access rights are currently relevant to their use of a particular Google service. The fact that Google informs users about what it will not do with the data (such as sharing personal data with advertisers) is not sufficient to provide comprehensive information either," she wrote.

Continue Reading

Our Commenting Policies