Google's Privacy Policy Raises Concerns About Data Protection in Europe
France's data protection regulator will launch an official investigation into Google's new privacy policy and said that its preliminary view was that it did not conform with European laws on protecting individuals' privacy.
The Commission Nationale de l'Informatique et des Libertes (CNIL) analysed Google's new privacy policy and preliminary findings showed that Google's new policy failled to meet the requirements of the European Data Protection Directive (95/46/CE) regarding the information that must be provided to data subjects. Moreover, the CNIL and the EU data protection authorities are deeply concerned about the combination of data across services and will continue their investigations with Google's representatives. The CNIL reiterated its request to Google to postpone the application of the new policy. Google has announced that its new privacy policy will be effective on 1 March 2012.
"The CNIL and the EU data protection authorities regret that Google did not accept to delay the application of this new policy which raises legitimate concerns about the protection of the personal data of European citizens," reads a CNIL statement.
"While the CNIL and the EU data protection authorities welcome Google's initiative to streamline and simplify its privacy policies, they firmly believe that this effort should not be conducted at the expense of transparency and comprehensiveness. By merging the privacy policies of its services, Google makes it impossible to understand which purposes, personal data, recipients or access rights are relevant to the use of a specific service. As such, Google?s new policy fails to meet the requirements of the European Data Protection Directive regarding the information that must be provided to data subjects. Google should supplement existing information with processing- and purpose-specific information," CNIL added.
CNIL said that rather than promoting transparency, the terms of the new policy and the fact that Google claims it will combine data across services raise fears and questions about Google?s actual practices. Under the new policy, users understand that Google will be able to track and combine a large part of their online activities thanks to products such as Android, Analytics or its advertising services.
As a preliminary step, the CNIL has sent a letter to Google exposing these concerns. Considering the preliminary findings of the investigation, the CNIL reiterated the request to Google to postpone the application of the new policy.
It is already the subject of an inquiry by both the EU's competition authority and the U.S. Federal Trade Commission into how the company ranks its search results and whether it favors its own products over rivals. The inquiries are based in part on complaints from French rivals.
The FTC expanded its probe on January 13 to include Google's social networking site Google+.
The European Commission in January also set out legislative plans to overhaul its old data protection rules, putting in place much more stringent policies on the protection of individuals' data.
Under the new proposed EU rules, internet companies such as Google, Facebook and Yahoo would have to ask users whether they can store and sell their data to other businesses, such as advertisers, which is source of almost all their income.
Internet users can also ask for their data to be deleted from websites for good, the so-called "right to be forgotten."
"The CNIL and the EU data protection authorities regret that Google did not accept to delay the application of this new policy which raises legitimate concerns about the protection of the personal data of European citizens," reads a CNIL statement.
"While the CNIL and the EU data protection authorities welcome Google's initiative to streamline and simplify its privacy policies, they firmly believe that this effort should not be conducted at the expense of transparency and comprehensiveness. By merging the privacy policies of its services, Google makes it impossible to understand which purposes, personal data, recipients or access rights are relevant to the use of a specific service. As such, Google?s new policy fails to meet the requirements of the European Data Protection Directive regarding the information that must be provided to data subjects. Google should supplement existing information with processing- and purpose-specific information," CNIL added.
CNIL said that rather than promoting transparency, the terms of the new policy and the fact that Google claims it will combine data across services raise fears and questions about Google?s actual practices. Under the new policy, users understand that Google will be able to track and combine a large part of their online activities thanks to products such as Android, Analytics or its advertising services.
As a preliminary step, the CNIL has sent a letter to Google exposing these concerns. Considering the preliminary findings of the investigation, the CNIL reiterated the request to Google to postpone the application of the new policy.
It is already the subject of an inquiry by both the EU's competition authority and the U.S. Federal Trade Commission into how the company ranks its search results and whether it favors its own products over rivals. The inquiries are based in part on complaints from French rivals.
The FTC expanded its probe on January 13 to include Google's social networking site Google+.
The European Commission in January also set out legislative plans to overhaul its old data protection rules, putting in place much more stringent policies on the protection of individuals' data.
Under the new proposed EU rules, internet companies such as Google, Facebook and Yahoo would have to ask users whether they can store and sell their data to other businesses, such as advertisers, which is source of almost all their income.
Internet users can also ask for their data to be deleted from websites for good, the so-called "right to be forgotten."