EU Justice Commissioner Viviane Reding has stated that Google's new privacy policy, launched on 1 March, contravenes European law.
The new policy, announced by Google in January, consolidates 70 plus privacy policies into one main document to govern the majority of its products and services. Google stated that one of its primary aims is to explain what information is collected and how it is used in a much more "readable way", with less "legal gloop to wade through".
Google have cited that the multiple policies were over complicated and at odds with their efforts to integrate its different products and services more closely.
In practice, according to Google, users signed in to Google Accounts will be treated as a single user across all the products, meaning Google is able to combine information provided in relation to one service with information from other services. Essentially, private information collected from browsing data and web history by one Google service can be shared with its other platforms, including YouTube, Gmail, Google+ and Blogger. It is claimed this is to allow Google to offer better targeted advertising to users, and customise search results more efficiently. Social networking site Linkedin implemented similar measures last year. Under the guise of providing more privacy control to the user, the social network automatically opted-in its circa 100 million users into the social advertising program without informing them of the change beyond a blog post. Shown by default were the names and photos of users within the thirdparty advertisements they had recommended or followed. Following a backlash, only the number of users in your network who like or follow the brand are displayed, also by default.
Google stated it was confident that its "new simple, clear and transparent privacy policy respects all European data protection laws and principle". However, EU data protection agencies beg to differ, concluding that the new policy does not meet the requirements of the EU Directive on Data Protection. Following an investigation by France's privacy watchdog CNIL (Commission national de l'informatique et des libertes) Reding announced they "have come to the conclusion that they are deeply concerned, and that the new rules are not in accordance with the European law, and that the transparency rules have not been applied".
Despite being warned of CNIL's concerns, Google proceeded with the launch, and defended the policy stating it will not change any existing privacy settings or how information is shared outside of Google, with no additional information being collected.
Google's privacy policy has also been described as "too vague" by David Smith, Deputy Commissioner at the UK's Information Commissioner's Office. The requirement under the Data Protection Act 1998 is for a company to tell people what it actually intends to do with their data, not just what it might do at some unspecified point in future. Being vague does not help give users effective control over how their information is shared.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
