Business

European Union lays into Google over privacy policy

Charles Arthur

Google's changes to its privacy policies have been criticised by 30 European data-protection commissioners.

Google's changes to its privacy policies have been criticised for resulting in the 'uncontrolled' use of personal data without an individual's clear consent. (AFP)

They have been criticised for resulting in the "uncontrolled" use of personal data without an individual's clear consent, relating to their use of YouTube and Gmail.

The commissioners this week told Google to give people more detailed control over personal data and said the changes the search giant introduced in March amounted to breaking European data-protection law, because the company was storing, without consent, cookies and data about sites people visited for between 18 months and two years.

The French data-protection commission, the CNIL, led the inquiry and said that Google should, in effect, let users pick and choose how their data is used among different services such as Gmail, YouTube and Google+ – a dramatic rewrite of the single ­privacy policy Google introduced in March.

The body stopped short of demanding a wholesale recall of these changes, which unified Google's privacy policies – and data – from about 60 services into a single data store.

Google said it would consider its next steps, but denied it had broken the law. Peter Fleischer, the firm's global privacy counsel, said: "Our new privacy policy demonstrates our long-standing commitment to protecting our users' information and creating great products. We are confident that our privacy notices respect European law."

Comprehensive picture
Google's latest privacy policy means that it is simpler to sign up for a new Google-owned service. But it also means that Google can build up a more comprehensive picture of the user for advertising – for example, monitoring a person's use of YouTube to better target adverts within Gmail.

However, the commission noted that Google "provides insufficient information to its users on its personal-data processing operations" and does not tell people how long data will be held.

The CNIL said for Google users a visit to a site displaying a "+1" button is recorded and kept for at least 18 months and can be linked with data from other Google services. Data collected via a DoubleClick ad cookie – which is then associated with a unique identifying number – is stored by Google for two years and can be renewed without consultation.

The CNIL also criticised Google for being unco-operative when responding to commissioners' queries.

The report was applauded by privacy groups, although sources close to Google indicated that it mostly outlined actions the search giant "should" carry out rather than  "must" carry out, which is being interpreted as light-touch regulation rather than full-on confrontation.

Litigation route
But the commission may be biding its time. Bradley Shears, a United States lawyer, said: "It appears that the CNIL is providing Google one last opportunity to take the appropriate actions necessary to properly address its concerns before going down the litigation route."

Marc Dautlich, a specialist in data-protection law at Pinsent Masons in London, said: "If Google's get-out is that it's only being told 'should' rather than 'must', then it becomes a question of trust. How does a company purport to be transparent and trusted if they're put to the test and use a legal nicety to avoid it?"

European Union data-protection commissioners began examining Google's proposed changes to its privacy policies in February. The company went ahead with the March changes despite the CNIL's requests to delay them and warnings that they could be illegal.

Nick Pickles, director of privacy campaign group Big Brother Watch, said: "Consumers have been kept in the dark about how much data Google collects and what happens to that data.

"Unless people are aware just how much of their behaviour is being monitored and recorded, it is impossible to make an informed choice about using services." – © Guardian News & Media 2012

Topics In This Section

Comments

blog comments powered by Disqus