17 Oct 2012

EU regulators: Google privacy policy has legal ‘irregularities’ and may not be ‘in compliance’ with law

By Madison Ruppert: The new Google privacy policy, which was updated earlier this year, is now coming under fire from regulators in the European Union.
U.S. Senator Charles Schumer previously called for an investigation into this privacy policy to be carried out by the Federal Trade Commission (FTC) although any such investigation would be questionable at best.
Seeing as Google has such a tight relationship with the United States government and was cleared of wrongdoing by the Federal Communications Commission (FCC) related to their spying on Americans, any investigation carried out by an American government entity would likely be laughable.
However, the European Union’s data protection and privacy regulators have stepped up to the plate, challenging the legality of the new integrated Google privacy policy.
The French Commission Nationale de l’Informatique et des Libertes (CNIL) was tasked with the investigation. Representatives of CNIL noted in a press conference that users are forced to agree to Google’s new privacy policy while users should be given the choice to opt-out of the policy.
Of course Google’s response to such challenges is, essentially, that users can simply opt out of using their services entirely if they have a problem with their new policies.
The CNIL representatives said that the new Google privacy policy has legal “irregularities” and indeed may not actually be “in compliance” with EU law.
Furthermore, they argue that the scope of Google’s policy is “too wide” and that the company should give users more control over their personal data.
The group also published a dozen or so recommendations for Google’s policy and the Article 29 Working Party, a group of data protection regulators from every member state, said that the 27 EU authorities have already “unanimously adopted the findings of the audit.”
Among other recommendations, “the CNIL suggested Google should strengthen the consent sought for combining data for the purposes of service improvement and advertising; provide a centralized opt-out solution; and adapt the combination rules to distinguish between security and advertising,” according to CNET.
They also pointed out that Google does not make it clear how long they retain user data for. None of this is surprising and honestly I think most of the recommendations will not be implemented because Google’s business is, in fact, data mining.
Isabelle Falque-Pierrotin, CNIL president, stated that Google has “not demonstrated its commitment” to the European Data Protection Directive’s principles. The European Data Protection Directive governs data transfer and storage laws in all 27 states that are members of the European Union.
In anticipation of what will likely be a common objection to the CNIL’s recommendations, she pointed out that it is “not the goal to declare war on Google and stifle innovation,” but they are still dedicated to reminding Google of its “responsibilities.”
Unfortunately, the CNIL stopped far short of demanding what some sources claimed they would.
On October 15, 2012 the British Guardian reported that Google would “be told by EU to unravel data policy” according to their sources, but that obviously did not happen.
Not only did they fall far short of actually calling on Google to “unravel” their privacy policy, they also said that they will give Google three to four months to follow their recommendations.
“We have received the report and are reviewing it now,” said Peter Fleischer, Google’s global privacy counsel. “Our new privacy policy demonstrates our long-standing commitment to protecting our users’ information and creating great products. We are confident that our privacy notices respect European law.”
Interestingly, EU regulators actually brought up similar concerns about Google’s new privacy policy before it actually became active on March 1 of this year. At the time, Google called the EU’s concerns a “surprise” and went ahead with the implementation of their privacy policy anyway.
The regulars are calling on Google to seek “explicit consent” from users when combining their data across the various Google services, which is the exact opposite of what Google did previously.
Google simply implemented the policy and told users that they either would agree or close their account. It will be quite interesting to see if and how Google complies with the EU regulator’s recommendations.

No comments:

Post a Comment