Tag Archives: CNIL

Britain and Brazil Are Concerned About Google’s “Vague” Privacy Policy

Google is getting a lot more pressure from international privacy watchdogs. This time it’s coming from Britain and Brazil.

Britain’s deputy information commissioner, David Smith, made his first public comments against Google’s new privacy policy last week. His comments against Google’s more intrusive privacy policy was made a week after it took effect. He criticized Google at a conference in Westminster where he said that Google’s new privacy policy is “too vague”:

“The requirement under the UK Data Protection Act is for a company to tell people what it actually intends to do with their data, not just what it might do at some unspecified point in future. Being vague does not help in giving users effective control about how their information is shared. It’s their information at the end of the day”

Other European regulators have recently said that Google’s privacy policy is misleading and fails to disclose the whole truth to its users. The EU data protection authorities are currently working on an investigation of Google and will have their results some time soon. Their preliminary finding was scathing and said that Google’s new privacy policy was difficult to understand “even for trained professionals”.

The European Union takes the privacy of its people very seriously. Their data protection laws from the 1990s are one of the toughest in the world and they recently announced that they plan to revise their laws to make it more stringent and uniform. There is a plan to introduce a “right to be forgotten” which will allow people to demand Internet companies remove personal data about them permanently. Of course, Google is extremely worried that more privacy protections for Europeans will harm their bottom line. The company has been lobbying European authorities for a while now, trying to block any chance of more protections for Europeans to pass.  David Smith said this about the right to be forgotten,

“Google can’t just say: I’m just a messenger, I have no responsibility at all for the messages I carry. Given their dominant role and their huge influence here they have a responsibility to ensure they operate in a fair and reasonable way. Where things are drawn to their attention and it can be established they are delivering content which is defamatory, where it is harmful to individuals and there is no public interest justification Google have a responsibility not to serve up that information”

It’s a good thing that European regulators are keeping a close watch on Google. Let’s hope that they support their harsh words for Google with real action against the company. Later this month, the French data protection authority, CNIL, will release their full report. Data protection authorities from all EU member nations will respect the findings and coordinate their actions against Google. It may include hefty fines and even criminal prosecution if Google doesn’t comply with their laws.

Alright, let’s move away from Europe and head on over to South America – Brazil to be exact. The Brazilian Justice Ministry wants some serious answers from Google and they want it very soon. Brazil doesn’t want to play games with the company and has said that if Google’s privacy policy breaks their laws they will sanction Google. Brazil said a full investigation of Google is imminent if Google doesn’t respond back with satisfactory answers justifying their new privacy policy. The ministry’s Department of Consumer Defense and Protection is particularly concerned about how understandable Google’s new privacy policy is and whether users are fully aware of the implications of using Google’s products.

Interesting – things could get a lot worse for Google and a lot better for the average Internet user. We’ll wait and see how things develop.

For more information:

The Register, “Google’s privacy policy: Incoherent and confusing” – click here

The Telegraph, “Google’s privacy policy branded ‘too vague’” – click here

The Guardian, “Google’s privacy policy ‘too vague‘” – click here

Reuters, “Brazil questions Google’s new privacy policy” – click here

Advertisements
Tagged , , , , , , , , ,

The EU Justice Commissioner Says Google’s New Privacy Policy Breaks European Law

The European Union’s Justice Commissioner, Viviane Reding, told BBC Radio Four that Google’s new more intrusive privacy policy breaches privacy laws that are meant to protect European citizens. She made this judgment public on the World At One program the same day Google fully implemented its new privacy policy and two days after a French data protection agency released a report finding Google’s new privacy policy ‘deeply concerning’ (for more on this – click here).

The European Commission is in the process of overhauling their privacy rules so that it can address important issues of the 21st century. They recognize that a greater number of people are spending more time on the Internet. With so many of us spending significant amount of our time on the web, it obviously means that we are in desperate need of greater protections. The Commission wants to streamline privacy rules across all of Europe.

Google announced that they were going to toss out all their privacy policies across all their different services to combine it into a singular policy that would apply to all. Of course, this means now that Google can track you more easily all over the web and make it more efficient to sell your personal data to advertisers.

Europeans are very protective of their online privacy and they were immediately concerned about Google’s announcement, which the company made in late January. European regulators asked Google to delay their new privacy policy until a full investigation could be completed. Google outright refused.

Now, Google has to face the music for its arrogance and lack of respect for the legal process. Google commented several times that it was confident that it was abiding by laws and behaved as if the company knows European law better than the people who made those laws in the first place. They obviously do not and, despite warnings, Google went through with changing their privacy policies.

Google was basically asking for it by ignoring the EU privacy regulators when those regulators asked the company to halt their new privacy policy. It’s as if Google immaturely said to them: “make me!”

Ms. Reding was asked in what respects has Google broken EU laws. She said,

“In numerous respects. One is that nobody had been consulted, it is not in accordance with the law on transparency and it utilizes the data of private persons in order to hand it over to third parties, which is not what the users have agreed to. Protection of personal data is a basic rule of the European Union. It is inscribed in the treaties. It is not an if, it is a must”  

She even went on to say that many people are in dark about the full implications of using Google’s services. The company fails to fully tell users to what extent their information will be stored and to whom it will be shared with. People don’t know what they are getting themselves into:

“Seventy percent of users rarely, or never, use terms and conditions which very often are written in small print, very complicated, not understandable for the normal user, and users are worried. Eighty percent of British citizens say they’re concerned about what is going on now”

She said that companies like Google, which make over 90% of their revenues from advertising, have a business model that leaves users completely vulnerable to violations of their privacy. However, the EU will not sit back and watch Google exploit innocent people who are often times unaware just how much damage is being done to them:

“We know data is the bloodstream of these new industries … but at the same time there are basic European rules … which have to be applied, and unfortunately we always see that those rules are just not observed, and illegality is taking over”

Google – it looks like you’re about to be made.

For more information:

BBC, “Google privacy changes ‘in breach of EU law’” – click here

Reuters, “EU agencies say Google breaking law – commissioner” – click here

Tagged , , , , , , ,

European Regulators Say Google’s New Privacy Policy Is Confusing ‘Even For Trained Professionals’

 The fight between Google and European authorities is getting even more intense!

Earlier this month, in my post titled “Europeans increasingly rejecting Google due to lack of privacy“, I informed you of a group that sent a letter to Google asking the company to delay their new privacy policy. The Article 29 Working Party is made up of data protection authorities from the member states of the European Union.

You can read my earlier post – click here

After the group found out that Google had plans to change its privacy policies, they politely asked Google to “pause” their plans to carry out the change because they needed a sufficient amount of time to fully investigate Google. Europeans take their online privacy very seriously. They wanted enough time to complete their analysis to make sure their citizens were protected from any violations or exploitation of their personal data.

However, despite the efforts of the European data protection authorities, Google sent back a letter telling them that the company would not stop their plans to implement their new privacy policy. Google claimed that they already gave the European regulators enough time and that they met with them before the change to its privacy policies was publicly announced. Google basically told the group “No and get lost!”

Google was well aware that the Working Party didn’t really have authority itself to enforce its recommendation.

Oh no you didn’t!

Hold on, not so fast!

Well, fast forward almost 4 weeks later and the European privacy regulators are back with a vengeance! The Article 29 Working Party decided to give its French data protection member the lead task to investigate Google. The scathing preliminary result of that investigation was released yesterday to the media. The French privacy agency is called the National Commission for Computing and Civil Liberties (CNIL) – and they did not mince words. In a letter addressed to Google (dated February 27th, 2012), the French agency is brutally honest with their assessment:

“The CNIL and the EU data protection authorities regret that Google did not accept to delay the application of this new policy which raises legitimate concerns about the protection of the personal data of European citizens.”

CNIL found that Google’s new privacy policy is actually not more transparent and comprehensive. They suggest that Google is actually being deceptive with their new privacy policy because it does not give users the whole truth. It isn’t enough to tell users the bare minimum about what the new privacy policy will mean to them, you have to tell users exactly how their personal data is going to be used. The French agency is concerned about what Google is hiding from its users.

I previously wrote about how Google has a problem telling its users the whole truth. For more on that – click here

“By merging the privacy policies of its services, Google makes it impossible to understand which purposes, personal data, recipients or access rights are relevant to the use of a specific service. As such, Google’s new policy fails to meet the requirements of the European Data Protection Directive”

They said that said Google’s new privacy policy actually raises more fears and concerns about the company’s actual practices. They question the lawfulness of Google’s intended changes to its privacy policy.

“The CNIL and the EU data protection authorities are deeply concerned about the combination of data across services and have strong doubts about the lawfulness and fairness of such processing. They intend to address these questions in detail with Google’s representatives”

Furthermore, the group made sure to address Google’s lie about meeting with European regulators before they unveiled plans to change their privacy policy:

“Contrary to public statements by Google representatives suggesting that data protection authorities across the EU had been ‘extensively pre-briefed’, not all authorities were  informed, and those that were informed only heard about the changes a few days before the announcement. They saw the contents of the new privacy policy at best a few hours before its public release, without any opportunity to provide any constructive feedback”

Oh SNAP! Ha-ha…Google must be really red-faced right about now.

And, for your information, the French authority has the power to fine companies up to 300,000 euros (or about $400,000) for each breach of privacy. It can also ask a court to stop the company from violating privacy laws. Other European countries can enforce their laws in similar ways too.

The French agency concluded that Google’s privacy policy is too vague and difficult to understand, “even for trained privacy professionals“.  They said they will send a full questionnaire to Google before mid-March and they reiterated their recommendation to Google to stop their plans in introducing their new privacy policy.

Hey Google, don’t try to pull a fast one on European privacy protection groups – they can knock you out, ha!

To read the full letter CNIL sent to Google, click here (PDF)

CNIL’s website – click here

For more information:

New York Times, “France Says Google Privacy Plan Likely Violates European Law” – click here

The Telegraph, “Google privacy overhaul ‘unlawful’, say regulators” – click here

BBC,Google ‘fails to meet EU rules’ on new privacy policy” – click here

Tagged , , , , , , , ,