Europe calls on Google to put privacy policy changes on ice

Only a week after Google said it would consolidate its privacy policies into a single mega-policy across its services, European data protection regulators have expressed concern.
Written by Zack Whittaker, Contributor

A group of European regulators has written to Google, asking it to suspend the introduction of its new privacy policy to ensure that it does not breach European data protection laws.

The search giant sparked controversy in January after it said it was to change its privacy policies, by consolidating its services' policies into one single policy across all of its sites, including Google+, Gmail and YouTube.


ZDNet's Larry Dignan explained this by highlighting the good, the bad and the scary. He added: "I’m all for breaking down data silos, but when Google knows more about me than my wife I get a bit worried."

Google said the privacy policy update changes how the company uses the data, rather than what it collects.

The regulators --- the Article 29 Working Party --- is made up of data protection representatives from each 27 member state, and is responsible for advising member states on data protection matters, and making recommendations to maintain the law.

The letter, addressed to Google chief executive Larry Page, reads [PDF]:

On behalf of the Article 29 Working Party I would like to inform you that we are aware of the upcoming change in your privacy policy.

Given the wide range of services you offer, and popularity of these services, changes in your privacy policy may affect many citizens in most or all of the EU member states.

We wish to check the possible consequences for the protection of the personal data of these citizens in a coordinated procedure. We have therefore asked the French data protection authority, the CNIL, to take the lead. The CNIL has kindly accepted this task and will be your point of contact for the data protection authorities in the EU.

In light of the above, we call for a pause in the interests of ensuring that there can be no misunderstanding about Google's commitments to information rights of their users and EU citizens, until we have completed our analysis.

European Justice Commissioner Viviane Reding welcomed the move, saying on Twitter that it was, "good that Europe's data protection authorities are ensuring Google's new privacy policy complies with EU law."

According to Reuters, Google finds the raising of concerns as a "surprise".

"We briefed most of the members of the working party in the weeks leading up to our announcement," said Al Verney, Google's spokesperson in Brussels.

This comes only less than a fortnight since Reding announced the proposed draft of the new Data Protection Regulation, which would be a "one-size-fits-all" law for all member states. The new Regulation includes measures to force Internet giants like Facebook and Google into acquiring explicit consent when handing over data to third-parties, while leaving out key provisions to protect European citizens from third-country law, like the United States'.

Web users will also have the "right to be forgotten". Internet companies and European data protection agencies have expressed their scepticism over the proposed measures.

The European Parliament must agree to the terms before the Regulation can be ratified into the law of member states.

Image source: Spencer E. Holtaway/Flickr.


Editorial standards