Make in-app payments easy and secure with Apple Pay. Click here to see how.
Welcome Guest | Sign In
LinuxInsider.com

EU Gives Google a Privacy To-Do List

EU Gives Google a Privacy To-Do List

The EU is more prickly about privacy than the U.S., but its concerns about Google's global policy may be justified. "With such an arsenal of information, Google and its marketing partners will likely know more about the user's interests and proclivities than the user herself, or the user's psychologist, could ever know or ascertain," observed Brooklyn Law professor Jonathan Askin.

By Erika Morphy E-Commerce Times ECT News Network
10/17/12 8:38 AM PT

It appears Google is catching flak from regulators on both sides of the Atlantic. European privacy authorities have asked Google to modify its global privacy policy in order to give users a better understanding of what personal data is being collected.

The move comes on the heels of rumors that the Federal Trade Commission is about to launch an antitrust suit against the company.

Earlier this year, Europe voiced strong doubts about Google's move to junk the separate privacy policies associated with its many products in favor of one streamlined policy. Google has maintained that having one privacy policy is easier for consumers to understand.

Critics argue that it allows Google to collect more information about consumers as they use the various services in Google's empire -- and then aggregate that customer data to create a more-informed picture of the user.

The Investigation

After Google announced its plans to implement the change, the EU Data Protection authorities went to work: The French organization CNIL was tapped to probe what this change would mean to consumers.

Two successive questionnaires were sent to Google and the company replied. However, several answers were incomplete or approximate, and Google did not provide satisfactory answers on key issues such as the description of its personal data processing operations or the precise list of the 60 or more product-specific privacy policies that have been merged in the new policy, CNIL claimed.

The Follow-up

Hence, the request that Google to provide more information about the collected data as well as the purposes of each of its operations for processing personal data.

CNIL also suggested several changes Google should make, such as presenting three levels of detail to ensure conformance with its directive. It also suggested interactive presentations.

Google should modify its practices when combining data across services, advised CNIL, by giving users the opportunity to choose when their data could be combined, to centralize the right to opt out, and to allow users to choose the services for which their data could be combined.

What's Next?

Google reportedly is reviewing the CNIL findings and is confident it is in compliance with European law. CNIL hints otherwise, nothing that it is not clear whether Google respects the EU's data protection principles: purpose limitation, data quality, data minimization, proportionality, and right to object.

"The recommendations of the EU Data protection authorities have been sent to Google to allow the company to upgrade its privacy Policy practices, CNIL said. "This letter is individually signed by 27 European data protection authorities for the first time and it is a significant step forward in the mobilization of European authorities."

Google and CNIL did not respond to our requests for further details.

Too Much Information vs.Too Many Policies

There is a case to be made for both sides of this argument, at least in the U.S. Clearly, Google is accumulating a lot of information about its users, Jonathan Askin, a professor at Brooklyn Law School, told the E-Commerce Times.

"With such an arsenal of information, Google and its marketing partners will likely know more about the user's interests and proclivities than the user herself, or the user's psychologist, could ever know or ascertain," he quipped.

Also, the combining of data about a user across multiple services is of understandable concern to regulators and privacy watchdogs, said Askin. "Users often use different Google services for distinct purposes, and might be willing to allow Google and its marketing partners access to user information in connection with some Google services, but not for others."

For instance, a user might be willing to allow Youtube marketing partners access to information about videos watched, said Askin, but might prefer that the same marketer not have access to, say, Gmail data.

However, what the EU is suggesting won't necessarily rectify these issues and could complicate matters more, Ryan Radia, an analyst with the Competitive Enterprise Institute, told the E-Commerce Times.

Google has become so big that it would be difficult for it to distill precisely how using product A will be combined with the user's access to Products B, C and Z, he said.

The list of potential uses will be long, complex and no doubt written in legalese, which the consumer will gloss over, predicted Radia. "I can't imagine someone reading through a list like that on a regular basis."


Facebook Twitter LinkedIn Google+ RSS