EU demands response to Google's 'unlawful' privacy policy

Europe is demanding answers out of Google, giving it only three weeks to spill its secrets, and explain why it ignored the EU's advice and posted a new privacy policy anyway.
Written by Zack Whittaker, Contributor

France's data protection agency, the Commission Nationale de l'Informatique et des Libertés (CNIL), has given Google three weeks to respond to questions on its "unlawful" changes to its privacy policy.

Google has until April 5 to respond to the 69 questions the watchdog sent in a letter. The answers to some of the questions [PDF] could cause further anger amongst nations and citizens alike, as well as shedding light on Google's business practice when it comes to data retention, user privacy, and service functionality.

The letter, addressed to chief executive Larry Page, asks how long data will be stored, whether a real-world identity will be matched to user data, as well as the legal justification for combining and consolidating its privacy policies.


Google's new policy simplifies the language of its legalese, but was not opt-out in any way. Users who sign in to use Google's services had to accept the terms of the new policy.

But the controversy began when it was discovered that data would flow from one service to another, such as Google Search to Gmail, its social network Google+ and video-acquisition YouTube.

Google said this would allow better search and more accurate, targeted advertising. Many are concerned that advertisers and third-parties will be able to build up an even more detailed picture of Google's users, even though the data is anonymised.

The search giant's new privacy policy came into effect on March 1, amidst criticism from a number of European data protection authorities and more, that the changes would breach privacy and data laws.

Europe's data law advisor, the Article 29 Working Party, had specifically asked that Google put its plans to merge dozens of its privacy policies into one single document out to pasture, to allow for regulators to assess the damage it could bring on ordinary European folk.

But what the European data protection authorities can do is very little. They can surely throw a fine or two around, but many data regulators cannot even impose fines.

Separately, however, Google continues to be investigated by European authorities for antitrust matters relating to its search rankings. If it's found in breach of Europe's antitrust rules, it could be fined up to 10 percent of its global annual turnover, which could amount to $3--$4 billion (€2.3--€3.1 billion).

It may not be for the right thing, but at least Google would finally get its comeuppance.

Google acknowledge it had received the CNIL letter, and said it will "respond in due course", reports sister site ZDNet UK. "We are confident that our new simple, clear and transparent privacy policy respects all European data protection laws and principles."

The company did not reply for further comment at the time of writing.

Image source: ZDNet.


Around the network:

Editorial standards