CNIL, the French data protection regulator tasked by the Article 29 Working Party to pore over Google’s policy changes, said Google’s new policy does not meet the requirements of the European Directive on data protection. The new policies appear to break rules related to how Google informs users it is using their personal data.
CNIL asked Google to halt its policy changes, but Google said it would not.
This policy aims to treat users of those services who are signed into their Google accounts as individual users, with services under the blanket policy sharing data with each other. Google argued this would improve relevancy, and thus, quality of service to users.
Critics contend it’s just another way for Google to create a better digital dossier on users to bolster its online ad targeting. Either way, users can go along for the ride, eschew the services covered under the blanket policy, or access some services while signed out of their Google account.
However, CNIL, which also disputed Google’s public contention that EU data protection authorities had been “extensively pre-briefed” on the changes, said Google’s policy changes did not make it clear how data from each of the services would be shared.
“The CNIL and the EU data protection authorities are “deeply concerned” about the combination of personal data across services: They have strong doubts about the lawfulness and fairness of such processing. And about its compliance.
CNIL wants Google to consider providing users with condensed notices of how it uses data, followed by detailed explanations for how each service uses consumers’ data. In the meantime, CNIL requested that Google halt its policy changes before triggering them tomorrow.
Google, which responded to CNIL in a letter of its own Feb. 28, believes it has met with CNIL enough and does not violate Europe’s data protection rules.
He also said Google would continue with the changes as planned because it has notified more than 350 million Google account owners and provided “highly visible notifications” on Google.com for non-authenticated users. “To pause now would cause a great deal of confusion for users,” Fleischer added.
CNIL and the Working Party aren’t the only regulators concerned about the changes.
Earlier this month, U.S. Senators met with Google Deputy General Counsel Mike Yang and Public Policy Director Pablo Chavez to discuss the planned policy changes. The Senators believed Google’s policy changes would obscure pertinent information from users.
Rep. Joe Barton (R-Texas) said Google “danced around the actual details” and spoke in generalities. Rep. Mary Bono Mack (R-Calif.) said she didn’t think the Google officials were “very forthcoming necessarily in what this really means for the safety of our families and our children and ourselves.”
U.S. attorneys general banded together to express their concern over the policy changes just last week. Some three dozen state attorneys general wrote a letter noting they were concerned with Google’s desire to have applications such as Search, Gmail and YouTube share user data with each other.
If there is an agency in position to interfere on behalf of consumers, it’s the Federal Trade Commission. While the FTC has yet to formally announce any action to stop Google’s policy changes, FTC Chairman Jon Leibowitz said on C-SPANs “Newsmakers”: “It’s a fairly binary and somewhat brutal choice that they are giving consumers. I think I can’t say much more. But we’re aware.”
The FTC may be withholding action because it is already investigating Google for antitrust violations regarding its search advertising business.