Google officials once again are being accused by regulators of not being cooperative with investigators looking into privacy issues concerning the dominant Web 2.0 company.
This time, the complaints are coming from Europe Union (EU), where a French agency taking the lead in the investigation over questions about Googles new privacy policy is saying that the search giant gave incomplete and approximate answers to a questionnaire sent to it in March.
In a statement released May 23, France’s CNIL (Commission Nationale de l’Informatique et des Libertés) said it had sent Google a questionnaire about the new privacy policy in March, and that the company sent back its answers in April.
The CNIL welcomes Google’s collaboration but regrets that the answers are often incomplete or approximate, the organization said.
The CNIL sent another questionnaire to Google May 22 in hopes of clarifying some questions, and met with Google representatives May 23. It has given Google until June 8 to answer the new questions.
European regulators are concerned about the privacy policy changes that Google announced in January and put into effect March 1. Essentially, Google did away with privacy rules for individual products like search, YouTube and Google Maps, and instead put in an umbrella policy that covered all 60 or so Google Web services. At the same time, Google also moved to bring in user information from all the services, creating large single-user profiles.
Google officials said the move would improve the quality of service. Critics disagreed, saying it was the latest step by Google to create better digital profiles of users in hopes of boosting its online ad business.
The European Union had asked Google to delay implementing the new policy until the questions raised by the CNIL had been answered. Google officials declined, stating that they were confident the policy adequately protected the privacy and rights of European citizens.
In a statement March 1, EU Justice Commissioner Viviane Reding said that it was unfortunate that Google has gone ahead with the new policy before addressing the French data protection authority’s concerns. All companies that offer services to European consumers must provide their customers with clear information about their privacy policy. In Europe, consumers must be able to make informed decisions about using Internet-based services.”
Now the CNIL is pushing Google executives to be more forthcoming in their answers. Given the current information, the CNIL considers it impossible to know Google’s processing of personal data, as well as the links between collected data, purposes and recipients, and that the obligation of information of the data subjects is not respected. The CNIL also notes that Google has not provided a maximum retention period for the data.
CNIL officials said they are still concerned about the purpose and legality of Googles combining of personal data across services, and whether the opt-out procedures in place are a valid means for users to oppose Googles efforts.
French Regulators Want More Information From Google
Finally, Google has not provided a practical answer on the way the ePrivacy Directive is applied for Google’s ‘passive users,’ i.e., the persons who use Google’s services [advertising, analytics, +1 button] when they visit third-party Websites, CNIL officials said.
Once the organization has Googles new answers, it will present a report to the EUs Article 29 Working Party, which will decide how Google can bring the new policy into compliance. Google will get the determination by mid-July, the CNIL said.
The CNILs letter about Google and its privacy policy comes less than a month after issues surrounding the search vendors controversial Street View program flared up again in the United States. The Federal Communications Commission (FCC) on April 13 fined Google $25,000 for intentionally obstructing an investigation into the companys collecting of personal data from WiFi networks while conducting its Street View project between 2007 and 2010.
The FCC said in its report that it could not find any evidence of legal wrongdoing on the part of Google, in part because the company deliberately impeded and delayed the commissions investigation by refusing to provide information and documents requested as part of the investigation. In addition, an unnamed Google engineer who created the software that collected the WiFi data did not testify at a deposition, instead invoking his Fifth Amendment right against self-incrimination.
Google executives disputed the FCCs claim, saying they provided all the materials the regulators felt they needed to conclude their investigation, and we were not found to have violated any laws.”
Google had claimed the collection of the personal WiFi dataincluding passwords, emails and search historieswas the work of a rogue engineer. But soon after the FCC fine, it was learned that the engineer, Marius Milner, had told at least two other Google employees that such payload data was being collected.
The revelation renewed calls by privacy advocates and some politicians in both the United States and Europe to reopen the investigations into Googles Street View program.