Google's product policy privacy changes go into effect March 1 despite the protestations from CNIL, Congress and state attorneys general.
despite protestations from regulators in the United States and Europe, which
has said the alterations will violate European Union data protection rules.
French data protection regulator tasked by the Article 29 Working Party to pore
over Google's policy changes, said Google's new policy does not meet the
requirements of the European Directive on data protection. The new policies
appear to break rules related to how Google informs users it is using their
Google to halt its policy changes, but Google said it would not.
vowing to winnow product privacy rules from some 60 Web services, such as
search, YouTube and Google Maps, under one umbrella policy.
aims to treat users of those services who are signed into their Google accounts
as individual users, with services under the blanket policy sharing data with
each other. Google argued this would improve relevancy, and thus, quality of
service to users.
contend it's just another way for Google to create a better digital dossier on
users to bolster its online ad targeting. Either way, users can go along for
the ride, eschew the services covered under the blanket policy, or access some
services while signed out of their Google account.
which also disputed Google's public contention that EU data protection
authorities had been "extensively pre-briefed" on the changes, said
Google's policy changes did not make it clear how data from each of the
services would be shared.
and the EU data protection authorities are "deeply concerned" about
the combination of personal data across services: They have strong doubts about
the lawfulness and fairness of such processing. And about its compliance.
Google to consider providing users with condensed notices of how it uses data,
followed by detailed explanations for how each service uses consumers' data. In
the meantime, CNIL requested that Google halt its policy changes before
triggering them tomorrow.
responded to CNIL in a letter of its own Feb. 28, believes it has met with CNIL
enough and does not violate Europe's data protection rules.
all European data protection laws and principles," Peter Fleischer,
Google's global privacy counsel, wrote in his response.
He also said
Google would continue with the changes as planned because it has notified more
than 350 million Google account owners and provided "highly visible
notifications" on Google.com for non-authenticated users. "To pause
now would cause a great deal of confusion for users," Fleischer added.
CNIL and the
Working Party aren't the only regulators concerned about the changes.
Earlier this month, U.S. Senators met
Deputy General Counsel Mike Yang and Public Policy Director Pablo Chavez to
discuss the planned policy changes. The Senators believed Google's policy changes would obscure pertinent information from users.
Barton (R-Texas) said Google "danced around the actual details" and
spoke in generalities. Rep. Mary Bono Mack (R-Calif.) said she didn't think the
Google officials were "very forthcoming necessarily in what this really
means for the safety of our families and our children and ourselves."
general banded together to express their concern over the policy changes just
last week. Some three dozen state attorneys general wrote
letter noting they were concerned with Google's desire to have applications
such as Search, Gmail and YouTube share user data with each other.
If there is an
agency in position to interfere on behalf of consumers, it's the Federal Trade
Commission. While the FTC has yet to formally announce any action to stop
Google's policy changes, FTC Chairman Jon Leibowitz said on C-SPANs
: "It's a fairly binary and somewhat
brutal choice that they are giving consumers. I think I can't say much more.
But we're aware."
The FTC may be
withholding action because it is already investigating Google for antitrust
violations regarding its search advertising business.