Skip to main content

French privacy agency tries to kibosh Google’s privacy policy just days before roll out

The National Commission for Computing and Civil Liberties announced today that Google’s new privacy policy might violate European Union law.

The allegation comes just days before the Mountain View, Calif.-based Internet giant planned to enact the policy that unveiled last month. Google said the updated policy streamlined privacy practices for 60 different services engaged around the globe to bring transparency and clarity.

“We’re getting rid of over 60 different privacy policies across Google and replacing them with one that’s a lot shorter and easier to read,” explained Google’s policy website.

A portion of the letter.

The French privacy agency picked a bone with the search engine’s intent and wrote a letter (PDF) to Google’s Chief Executive Officer Larry Page that painted the new rules as questionable. The central focus of the letter inquired how Google would use the reaped private data, but it is well-known the advertising firm collects personal information from tracking cookies to build targeted ads.

“Rather than promoting transparency, the terms of the new policy and the fact that Google claims publicly that it will combine data across services raises fears about Google’s actual practices,” wrote the agency, also known as CNIL, in the letter. “Our preliminary investigation shows that it is extremely difficult to know exactly which data is combined between which services for which purposes, even for trained privacy professionals.”

The new policy takes effect March 1, and while users’ privacy preferences remain, the new arrangement allows Google to gather and implement user data across its services. Google is charging ahead with Search plus Your World, Gmail, Picasa, YouTube, and Google+, so it is probably just connecting all the loose legal ends to make one continuous experience….

However, looming implications may derail the plan, because a European Commission advisory panel that wanted CNIL to assess the policy changes directed today’s letter. Privacy commissioner Viviane Reding asked Google last month to halt the policy roll out while regulators update E.U. law to convey the new era of the Internet, but the company again released a statement today explaining the launch would ensue as scheduled.

“To pause now would cause a great deal of confusion for users,” wrote Google’s Chief Privacy Council Peter Fleischer in a letter to the CNIL. “We have given well over a month for our users to read and understand the privacy policy changes, and have provided extensive information.”

Fleischer further detailed how Google is confident the “new simple, clear and transparent privacy policy respects all European data protection laws and principles.” The letter indicated Google attempted to meet with CNIL and discuss any issues at hand, but all endeavors were unsuccessful.

Meanwhile, the CNIL promised to send Google a questionnaire about its privacy policies by mid-March. The agency can fine companies and prevent them from practicing policies that violate data protection laws. Due to E.U. laws under revision, there are different rules across the Union requiring enforcement bodies like the CNIL to supervise national standards. Individual data protection authorities govern enforcement in their own European countries.

[youtube=http://www.youtube.com/watch?v=KGghlPmebCY]

British privacy advocate Big Brother Watch released a study today that depicts only 1 out of 10 Google users having read the new policy. Meanwhile, another 47 percent were unaware of the update. Under the unified policy, Google’s ecosystem will collect a host of user information, such as: calendar appointments, location data, personal data pulled from Gmail chatter, device information and search queries, search preferences and contacts. It is worth noting that information from Google Books, Google Wallet and Google Chrome are not integrated due to industry-specific privacy laws.

Data accumulation extends to Android users signed into their Google account; however, the policy does not go into specifics for iPhone/Blackberry/Windows 8 owners. It only mentions that if they sign into a service on any device, Google will be able to collect information about the device and its usage.

The types of mobile information cropping include the device’s hardware model, operating system version, unique device identifiers and mobile network information. Other specifics like service use, search queries, telephone log information (time/date of calls and duration of calls), IP addresses, and cookies uniquely identifying the browser or Google Account will also be stockpiled.

Visit Google’s FAQ section to read more about the changes, because even the company figured its users “might have a question or twenty-two” regarding privacy. Furthermore, Google offers tips and advice for staying safe online —even through the new policy— on its Good to Know website.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel