In March 2012, Google changed its privacy policies to combine the data of individual users of 60 internet services such as YouTube, Gmail and social network Google+. Users were not provided with an opportunity to "opt out" of this process. Google pools anonymous user data, so that keywords from the pool can be used to automatically generate targeted advertisements (relating to products of third parties) to Google users. The bigger the data pool, the better is Google's ability to sell online advertisements.
The European data regulators have objected to these changes and have taken the position that this bundling of data constitutes a potential high risk to individuals' privacy. In October 2012, officials representing 24 countries in Europe directed Google to comply with European data protection laws, which give users greater control over their personal information. The French Data Protection Commissioner, Commission nationale de l'informatique et des libertés (CNIL), acting on behalf of the European Union, determined that the Google privacy policy change was inconsistent with European data protection laws because Google "does not collect unambiguous consent of the user," and listed 12 steps that Google should implement in order to ensure compliance with the law.
CNIL recently stated it will take action against Google after the company failed to sufficiently reply to questions about its handling of user information, and will set up a further inquiry into Google's practices in this area because Google had not addressed the concerns raised by the EU data regulators.
Google takes the position that it has cooperated with the EU data regulators and that its practices do not violate any laws. Stay tuned!
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
