EU institutions take on Google over privacy regime
By Benjamin Fox
Online search engine Google is under fire for its new privacy policy, which came into force yesterday (1 March), with the French Data Protection Authority (CNIL) saying it breaches EU law.
Justice commissioner Viviane Reding added to the criticism, indicating that Google's changes do not meet requirements laid out in her proposed revisions to the 17-year-old EU data protection directive.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
"Companies must ensure that their privacy policies are written in clear, everyday language, and that consumers are informed about who is using their data, and for what purposes, so they can make an informed choice," she told The Guardian newspaper on how she sees the new-model directive.
Hinting that the EU would launch a full investigation, Reding added that national data protection authorities across the EU had "strong doubts" about its legality.
One of her notable revisions is the 'right to be forgotten' article, which would give users the right to demand deletion of their online data. The draft directive also establishes clearer provisions requiring consumer consent before companies can use personal information.
For its part, the French regulator had insisted that Google delays implementation until it finished its analysis of implications.
CNIL had been tasked by EU data protection supervisors to assess whether Google's plans were compatible with EU data protection laws.
Google hopes to combine the personal data it collects from users from around 60 different products - including Blogger and YouTube - contending that this will improve its services and search results.
The search-engine's business model is based around offering free search and email facilities and selling space for targeted adverts. Under the new policy, customers who have signed up to any of Google's products covered by the new policy will be considered to have accepted terms and conditions. Users would not be able to continue using Google's services if they wanted to withdraw consent.
In a letter to Google chief executive Larry Page released on Wednesday, CNIL said that "our preliminary analysis shows that Google's new policy does not meet the requirements of the European Directive on Data Protection, especially regarding the information provided to data subjects."
It added "the CNIL and the EU data protection authorities are deeply concerned about the combination of personal data across services."
Commenting that customers had been provided with "only general information" on Google's services, it concluded that "it is not clear how Google aims to comply with the principle of consent laid down in Article 5 (3) of the revised ePrivacy Directive."
The centre-left Socialist and Democrat group in the EU parliament has also joined the attack, calling on the European Commission to take immediate legal action against Google for violating the EU data protection directive.
They are also calling for an urgent debate at the next Parliament plenary session in Strasbourg.
Sylvie Guillaume MEP, a vice-president of the group, accused Google of "rushing in a new policy on this highly sensitive issue which severely affects citizens' fundamental rights."
Meanwhile, Google's privacy adviser Peter Fleischer, has said the company is "confident that our new simple, clear and transparent privacy policy respects all European data protection laws and principles."
He added that Google had "notified over 350 million authenticated Google users and provided highly visible notifications on our home page and in search results for our non-authenticated users."
The row is not the first time that Google has fallen foul of data protection regulators in 2012.
In January, the company was subject to criticism by the US Federal Trade Commission, who said it and its social media site Facebook are guilty of breaching data privacy commitments.
Site Section
Related stories
- EU bill gives web users 'right to be forgotten'
- US Internet rights bill 'clearest' ever on data privacy
- Demand for web neutrality law following IP blocking tactics
- Commission delivers anti-trust ultimatum to Google
- Google in EU privacy row over Street View data
- Google privacy policy breaks law, EU data chiefs say