Google’s recent changes to its privacy policy are in breach of European Law, the European commissioner of justice, Viviane Reding, said after a presentation on Thursday.
The web giant has replaced the individual privacy policies of all its various services, such as GMail, YouTube etc., with a single policy. Google says this makes its privacy policy easier to understand and will improve the services by combining customer data.
Interesting Links
However, Viviane Reding alleged that the new policies break European data protection rules that insist companies are transparent about how they handle customer data.
Reding made the allegation in two separate interviews with the Guardian and the BBC after a speech given at the London School of Economics yesterday in defence of the European Commission’s proposed Data Protection Regulations.
In her presentation, Reding noted EU member states could object to Google’s new policies, although the fines they can currently levy would be immaterial to the company. She admitted, however, that the EC is itself currently powerless to do anything about Google’s privacy breaches.
According to legal academic and blogger Paul Bernal, Reding noted that under the proposed reforms to the EC Data Protection Directive, Google could be fined up to €560 million, 2% of its global annual revenues, for a breach.
Reding’s remarks came after the French data protection authority CNIL sent an open letter to Google CEO Larry Page raising concerns about its new privacy policy. CNIL asked Google to pause the rollout of its privacy policy until it would evaluate its legal consequences, saying the company had faiiled to disclose sufficient informaton about how it will handle customer data.
A group of 37 US attorney generals wrote a similar letter to Page on 22 February, expressing concern about the new privacy policy and asking Google to make the policy changes opt-in, rather than opt-out, forcing users to actively choose to allow their activity across all Google products to be used to sell personalised advertising.
The UK Information Commission, Christopher Graham, was most cautious. "We don’t know if Google is operating outside of EU law… I’m not going to say it isn’t lawful as it’s being investigated," he told a London seminar on Wednesday night.
Google refused to pause the policy changes, saying such an action would confuse users, and did not directly address the requests of the US attorney generals to make the privacy policy opt-in, rather than opt-out.
In a blog post, Google’s Director of Privacy, Product and Engineering Alma Whitten said that the new privacy policy hadn’t changed anything about the way Google gathers data or shares it with third parties.
"The new policy doesn’t change any existing privacy settings or how any personal information is shared outside of Google," she wrote. "We aren’t collecting any new or additional information about users. We won’t be selling your personal data"
