Out-Law News 4 min. read
28 Feb 2012, 12:06 pm
However, the Information Commissioner's Office (ICO) told Out-Law.com that a regulator in France is currently assessing whether the changes comply with EU law on behalf of it and the other data protection authorities in the trading bloc.
From Thursday the internet giant plans to operate with one single all-encompassing privacy policy covering the collection of personal data across all its services.
Big Brother Watch (BBW) said that a recent YouGov poll of more than 2,000 adults revealed that only 12% of Google service users had read the company's update policy. The YouGov poll also revealed that 40% of Google service users thought it was right for the company to press ahead with the privacy policy change from Thursday, according to BBW. The research also found that almost half of those polled did not know the new privacy policy is coming into effect on 1 March.
The group called on Google to postpone the implementation of its new privacy policy and has written to the ICO asking it to investigate whether the planned changes comply with UK data protection laws.
“The impact of Google’s new policy cannot be understated, but the public are in the dark about what the changes actually mean," Nick Pickles, BBW director, said in a statement.
"Companies should not be allowed to bury in legal jargon and vague statements how they may monitor what we do online, where we use our phones and even listen to what we say in calls. This change isn’t about Google collecting more data, it’s about letting the company combine what’s in your emails with the videos you watch and the things you search for," Pickles said.
"If people don’t understand what is happening to their personal information, how can they make an informed choice about using a service? Google is putting advertiser’s interests before user privacy and should not be rushing ahead before the public understand what the changes will mean,” he said
The UK's Privacy and Electronic Communications (Amendment) Regulations implement changes to EU law and were brought into effect last May. The new law requires website operators to make sure they have "informed consent" from users for the use of cookies. Cookies are small text files that websites store on users' computers. The files contain information about users' online activity.
The data protection regulator in France is currently leading a review of Google's privacy policy changes on behalf of data protection watchdog the Article 29 Working Party. Earlier this month the Working Party announced the review in a letter addressed to Google chief executive Larry Page. In the letter the Working Party requested that the company postpone the introduction of the changes until the French regulator had completed its "analysis".
However, in response Google's global privacy lawyer Peter Fleischer defended the changes and said they would result in a simpler and easier to understand explanation of how it uses user data. He also said it would enable the company to offer more personalised services to those individuals.
"Most of our privacy policies have traditionally allowed us to combine information gathered in connection with one service with information from other services when users are signed into their Google Accounts. By combining information within a user's account we can improve their experience across Google ... However, our privacy policies have restricted our ability to combine information within an account for two services: Web History, which is search history for signed-in users, and YouTube, the video-sharing service we acquired in 2007," Fleischer said.
Being able to combine information across these services, as a new single privacy policy, would enable Google to offer a "simple, intuitive experience" to signed-in users across all its services "by making things easier and letting them find useful information more quickly," Fleischer said.
"Our updated privacy policy makes it clear in one comprehensive document that, if a user is signed in, we may combine information she has provided from one service with information from our other services. We'll treat that user as a single entity across all our services, which will mean a simpler, more intuitive Google experience," he said.
Fleischer also suggested at that stage that Google did not intend to postpone the introduction of its new policy on 1 March.
"As you will know, we had extensively pre-briefed data protection authorities across the EU prior to the launch of our notification to users on 24 January 2012. At no stage did any EU regulator suggest that any sort of pause would be appropriate," he said. "Since we finished these extensive briefings, we have notified 350 million Google account holders, as well as providing highly visible notices to all our non-authenticated users."
"In addition, the policy does not come into effect until 1 March 2012, as we wanted to leave more than adequate time for our users to be able to read and understand the policy before it's fully implemented. We hope this overview of our updated privacy policy will help to address your concerns," he said.
In a statement an ICO spokesperson told Out-Law.com: “Any organisation that processes peoples’ personal data must be open and upfront about how this information will be used and for what purpose".
"The ICO and the other European Data Protection Authorities, represented on the Article 29 Working Party, are aware that Google have recently changed their privacy policy and have made efforts to communicate these changes to their customers. At the request of the Article 29 WP the French Data Protection Authority, the Commission Nationale de l’information et des Liberties (CNIL) is currently speaking with Google on behalf of all the European supervisory authorities to ensure that these changes, and the manner in which they have been communicated, comply with the requirements of European Data Protection law".
"It is nevertheless important that people read the information organisations provide them with before agreeing to any changes related to the processing of their personal information,” the spokesperson said.
