Google's New Privacy Policy Illegal in Europe Regulator Says

It is now official. Reuters is reporting today that data protection agencies in European countries have concluded Google (News - Alert) Inc's new privacy policy is in breach of European law. The story quotes EU Justice Commissioner Viviane Reding as saying on BBC Radio Four that he and his European counterparts — including France's data protection watchdog, the CNIL, which reportedly has informed Google it would lead a European-wide investigation into this matter — have come to the conclusion that they are “deeply concerned, and that the new rules are not in accordance with the European law, and that the transparency rules have not been applied."

As I wrote back on Feb. 17, Google’s announcement in January that it was simplifying its privacy policy so as to consolidate 60 guidelines into a single one for all its services had drawn EU ire, and the possibility of the policies being found illegal under Europe’s strict privacy laws. This included concerns that users would not be able to opt out of the new policy if they wished to continue using Google's services.

Rueters went on to quote Reding as saying the Google policy violated EU law, "In numerous respects. One is that nobody had been consulted, it is not in accordance with the law on transparency and it utilizes the data of private persons in order to hand it over to third parties, which is not what the users have agreed to." She added that, "Protection of personal data is a basic rule of the European Union. It is inscribed in the treaties. It is not an if, it is a must."  

Google kind of responds

Google earlier posted a blog defending its policy by Alma Whitten, Director of Privacy, Product Engineering. It is worth reading in its totality since in the face of EU objections it instituted its new policies today. Here are a few tidbits:

• "Our privacy policy is now much easier to understand"
• "We've included the key parts from more than 60 product-specific notices into our main Google Privacy Policy -- so there's no longer any need to be your own mini search engine if you want to work out what's going on."
• “The new policy doesn’t change any existing privacy settings or how any personal information is shared outside of Google. We aren’t collecting any new or additional information about users. We won’t be selling your personal data. And we will continue to employ industry-leading security to keep your information safe.”

If you don’t think information sharing will improve your experience, you can use our privacy tools to do things like edit or turn off your search history and YouTube (News - Alert) history, control the way Google tailors ads to your interests and browse the web “incognito” using Chrome. You can use services like Search, Maps and YouTube if you are not signed in. You can even separate your information into different accounts, since we don’t combine personal information across them. And we’re committed to data liberation, so if you want to take your information elsewhere you can.

Reding gets the last word

Reding had fuel for her fire. In fact, she did not mince words and cited facts supporting the contention that most users were unaware of what they were signing up to when they used popular Internet services like those of Google:

• "Seventy percent of users rarely, or never, use terms and conditions which very often are written in small print, very complicated, not understandable for the normal user, and users are worried," she told the BBC.
• "Eighty percent of British citizens say they're concerned about what is going on now." 

The commissioner’s final quote summed it all up, "We know data is the bloodstream of these new industries ... but at the same time there are basic European rules ... which have to be applied, and unfortunately we always see that those rules are just not observed, and illegality is taking over."

What’s next?

Where we go from here is anyone’s guess. At the Mobile World Congress currently going on in Barcelona, various speakers, including Google Chairman and former CEO Eric Schmidt (News - Alert) during a keynote address, cautioned the audience that over 60 countries are not censoring the Internet and more a likely to do so. Unstated was the notion that not allowing Google to implement its new privacy policies was a form of governmental censorship of people’s rights to use services as they see fit.

Inquiring minds want to know if the EU will stop the new policy from going into effect in Europe. Will Google be forced to have one set of rules for places like the U.S. and another for other parts of the world? Will Google relent completely and ditch the consolidation? Unfortunately, inquiring minds are going to have to wait a bit. 

Finally, while Google is facing the EU firing squad at the moment, this is not just about them. They happen to be a timely target. Individual privacy has been and will continue to be one of the most important, if not the most important, policy issue of 2012. The friction between the desirability of using “big data,” especially as extracted from people’s surfing and transactional habits which is the oil that greases the value creation engine for Internet services, versus the rights of individuals to have control over that information is only likely to grow.

 In the U.S. there is an old saying that, “rules were made to be broken.” This has been used as justification in the technology world as a reason the U.S. leads the world in innovation. While it may apply to things like the rules of physics, Google needs to be careful when it comes to actual law. Hold on to your hats. This is going to be a wild one.