Google’s new privacy policy, which launched today and allows personal data to be shared across the entirety of the company’s services, is taking serious fire — not least in Europe, after the French data protection watchdog CNIL said it believes that the new policy breaches European law. The French have asked for a full, EU-level investigation into the subject, something that is making headlines around the world.
From the outside, this could look like a provincial authority running to teacher; the equivalent of a lawmaker in, say, Texas asking the Department of Justice to intervene against a third party. But here’s the thing: CNIL didn’t start looking into Google’s policies as part of some fishing expedition — it was asked to conduct its review by the same European officials it is now referring the issue to. This is not a plea, this is a recommendation.
The news has led to a to-and-fro between the regulators and Google and, as you can expect, has generated plenty of sentiment online.
In a letter earlier this week to Larry Page, CNIL president Isabelle Falque-Pierrotin said the organization had serious issues with the policy:
“The CNIL and EU data authorities are deeply concerned about the combination of personal data across services: they have strong doubts about the lawfulness and fairness of such processing, and its compliance with European data protection legislation,”
Google responded to that by saying that it was in an impossible position.
Like all companies, we have struggled with the conundrum of how to pursue both of the CNlL‘s recommendations: how to “streamline and simplify” our privacy policies, while at the same time providing “comprehensive information” to our users.
The letter was signed by global privacy counsel Peter Fleischer, who is based in France and had previously said that officials were given ample prior warning:
We briefed most of the members of the working party in the weeks leading up to our announcement. None of them expressed substantial concerns at the time, but of course we’re happy to speak with any data protection authority that has questions.
And in an announcement post on Google’s blog, Alma Whitten, the company’s director of privacy, product and engineering, made the argument that the company’s “privacy controls aren’t changing”:
The new policy doesn’t change any existing privacy settings or how any personal information is shared outside of Google. We aren’t collecting any new or additional information about users. We won’t be selling your personal data. And we will continue to employ industry-leading security to keep your information safe.
Broad public reaction seems to be negative. The word “creepy” is being used a lot.
Popular illustrator and designer Etherbrian, who works for Gowalla (which is now owned by Facebook, of course) captured much of the mood:
March 1 begins Google’s new privacy policy, also known as Project Targeted Advertising Creepy Shoulder Rub.
— etherbrian (@etherbrian) March 1, 2012
And the press seems to be rounding on them: “Google’s controversial new privacy policy breaches data laws, says EU — but search giant is going ahead anyway.” (Daily Mail)
Authorities say policy is hard to understand ‘even for trained privacy professionals’…
Google says ‘To pause now would cause confusion’… Users scramble to protect their data from search giant
Privacy groups and civil liberties groups are pushing hard, too. (Big Brother Watch)
“Google is putting advertisers’ interests before user privacy and should not be rushing ahead before the public understand what the changes will mean.”
And a number of prominent figures in the industry are making their feelings public, too. Chris Dixon, co-founder of Hunch and the Founder Collective,says he’s deleted his web history:
Google’s new privacy policy goes into effect tomorrow. I deleted my web history. It’s your last chance to do it. Do it.
— chris dixon (@cdixon) March 1, 2012
New York Times columnist Nick Bilton, meanwhile, linked to a guide to deleting your data from the Electronic Frontier Foundation:
Make sure you delete your Google search history before midnight when the new privacy policy goes live: bit.ly/wzIFSf
— Nick Bilton (@nickbilton) March 1, 2012
While some suggested they might quit Google for good, Dr Tom Keenan, a professor at the University of Calgary, told Global News that Google’s opt-outs meant little in a world where Google was dominant in so many areas.
If you want to get completely out of the Google world, they have this funny thing, the Data Liberation Front. It will actually allow you to liberate your data and get it out of Google. But where are you going to take it? That’s the question. Everybody uses Google.
Even the Japanese government decided to get involved, with the ministry of trade and industry warning that Google needed to be prepared to address concerns. (Reuters)
“It is important for the firm to be flexible by providing necessary additional explanations or measures to address actual user concerns or requests also after March 1.”
Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.
- Connected world: the consumer technology revolution
- Facebook’s IPO filing: ideas and implications
- NewNet Q4: Platform mania and social commerce shakeout