EU demands response to Google's 'unlawful' privacy policy
France's data protection agency, the Commission Nationale de l'Informatique et des Libertés (CNIL), has given Google three weeks to respond to questions on its "unlawful" changes to its privacy policy.
Google has until April 5 to respond to the 69 questions the watchdog sent in a letter. The answers to some of the questions [PDF] could cause further anger amongst nations and citizens alike, as well as shedding light on Google's business practice when it comes to data retention, user privacy, and service functionality.
The letter, addressed to chief executive Larry Page, asks how long data will be stored, whether a real-world identity will be matched to user data, as well as the legal justification for combining and consolidating its privacy policies.
Google's new policy simplifies the language of its legalese, but was not opt-out in any way. Users who sign in to use Google's services had to accept the terms of the new policy.
But the controversy began when it was discovered that data would flow from one service to another, such as Google Search to Gmail, its social network Google+ and video-acquisition YouTube.
Google said this would allow better search and more accurate, targeted advertising. Many are concerned that advertisers and third-parties will be able to build up an even more detailed picture of Google's users, even though the data is anonymised.
The search giant's new privacy policy came into effect on March 1, amidst criticism from a number of European data protection authorities and more, that the changes would breach privacy and data laws.
Europe's data law advisor, the Article 29 Working Party, had specifically asked that Google put its plans to merge dozens of its privacy policies into one single document out to pasture, to allow for regulators to assess the damage it could bring on ordinary European folk.
But what the European data protection authorities can do is very little. They can surely throw a fine or two around, but many data regulators cannot even impose fines.
Separately, however, Google continues to be investigated by European authorities for antitrust matters relating to its search rankings. If it's found in breach of Europe's antitrust rules, it could be fined up to 10 percent of its global annual turnover, which could amount to $3--$4 billion (€2.3--€3.1 billion).
It may not be for the right thing, but at least Google would finally get its comeuppance.
Google acknowledge it had received the CNIL letter, and said it will "respond in due course", reports sister site ZDNet UK. "We are confident that our new simple, clear and transparent privacy policy respects all European data protection laws and principles."
The company did not reply for further comment at the time of writing.
Image source: ZDNet.
Related:
- Google's privacy policy doomsday goes ahead despite warnings
- Europe calls on Google to put privacy policy changes on ice
- Google’s new privacy policy: The good, bad, scary
- Google to Congress: Let’s correct some privacy policy ‘misconceptions’
- Hana Stewart-Smith: Japan expresses concern over Google’s new privacy policy
- Violet Blue: Google Privacy Policy Changes Survival Guide
- Googling Google: “Streamlined” Google privacy policy and terms of service coming March 1st
- Confessions of a Google junkie (or, Privacy? What privacy?)
- Google’s new privacy policy: Washington’s misguided interrogation
- Identity Matters: EPIC files FOI request over first Google Privacy Report to FTC
Around the network: