Google must rewrite European privacy policy or face legal sanctions

Jul 5, 2013
2

Google must change its European privacy policy or run the risk of legal censure, with the UK joining Germany, Italy, France, and Spain in demanding the search giant modify its contentious "unified" policy. The UK's Information Commissioner's Office, the independent privacy watchdog, confirmed this week it had contacted Google giving it until September 20 to rewrite its privacy policy, as currently it "raises serious questions about its compliance with the UK Data Protection Act." If it fails to amend the policy, the ICO warns, Google could find itself the target of "formal enforcement action."

The UK isn't the first European country to take issue with Google's single privacy policy that over-arches the majority of its services. Revealed in 2012, the updated terms & conditions replaced the individual agreements for each product with a single per-account policy; at the time, Google claimed it shaved around 60 different agreements to just one, billing it as a more efficient and understandable approach to data privacy.

However, critics also pointed out that Google was explicitly giving itself permission to share data from different services, and in the process build up a more complete picture of each individual user. For Google, that only led to benefits overall: the company would be able to, for instance, use calendar data, location data, and its own understanding of traffic status to give more accurate directions and suggestions on when to travel, what route to take, and by what method to take it, Google argued.

Google privacy policy changes explanation video:

That wasn't enough to placate privacy watchdogs, however, and a bitter back-and-forth began as regulators sparred with Google's own legal advisors. In February this year, the French National Commission for Computing and Liberties announced it was unsatisfied with Google's explanations, and that it would investigate and potentially level fines at the company.

"Our privacy policy respects European law and allows us to create simpler, more effective services" Google said in a statement on the matter. "We have engaged fully with the authorities involved throughout this process, and we'll continue to do so going forward."

Meanwhile, a German watchdog announced this week that it would hold a legal hearing with Google's policy at its core. Professor Johannes Caspar, who heads the Hamburg-based organization, said that Google's 2012 policy "violates the company's commitment to full transparency about the use and handling of the data."

Data use is a sensitive topic at the moment, especially given the ongoing PRISM revelations that forced Google - among others - to categorically deny that the US NSA or any other security agency had "back door" access to its servers. Google is also the subject of privacy concerns in the US, particularly around its Glass headset, which has led one Congressional caucus to question the potential for abuse of wearables.

UK ICO statement:

"We have today written to Google to confirm our findings relating to the update of the company’s privacy policy. In our letter we confirm that its updated privacy policy raises serious questions about its compliance with the UK Data Protection Act.

In particular, we believe that the updated policy does not provide sufficient information to enable UK users of Google’s services to understand how their data will be used across all of the company’s products.

Google must now amend their privacy policy to make it more informative for individual service users. Failure to take the necessary action to improve the policies compliance with the Data Protection Act by 20 September will leave the company open to the possibility of formal enforcement action" Information Commissioner's Office, UK

VIA The Guardian


Must Read Bits & Bytes