EU data protection agencies: Google has breached privacy law
New unified policy breaks EU regulations says justice commissioner
EU justice commissioner Viviane Reding has told BBC Radio 4 that Google's new unified privacy policy, which came into effect globally yesterday, is in breach of European privacy laws.
Google says that the new policy, which replaces the various agreements which covered its many service with a single contract, is intended to simplify things for its users, making the company's policy easier to understand, but the move has met with political opposition in Europe.
Previously, a group of EU lawmakers and data protection agencies had asked Google to delay the policy's implementation to give French privacy agency the CNIL the time to properly examine its ramifications.
Google demurred and the policy is now in effect. However, now that the CNIL has completed its investigations, Reding has revealed that there are several objections to the new rules, which are believed to allow Google to pass on information about customers to third parties without the owner's permission.
"They have come to the conclusion that they are deeply concerned, and that the new rules are not in accordance with the European law, and that the transparency rules have not been applied," Reding told the BBC, adding that the law had been broken "in numerous respects.
"One is that nobody had been consulted, it is not in accordance with the law on transparency and it utilizes the data of private persons in order to hand it over to third parties, which is not what the users have agreed to.
"Protection of personal data is a basic rule of the European Union. It is inscribed in the treaties. It is not an if, it is a must."
Google has responded to the investigation in a post on its official blog.
"Our privacy policy is now much easier to understand," reads the post. "We've included the key parts from more than 60 product-specific notices into our main Google Privacy Policy - so there's no longer any need to be your own mini search engine if you want to work out what's going on."
However, Reding pointed out that privacy policies, EULAs and T&C agreements are rarely examined fully by customers, and that Google must reconsider.
"Seventy percent of users rarely, or never, use terms and conditions which very often are written in small print, very complicated, not understandable for the normal user, and users are worried," Reding told Radio 4.
"We know data is the bloodstream of these new industries...but at the same time there are basic European rules...which have to be applied, and unfortunately we always see that those rules are just not observed, and illegality is taking over."
Whether or not any legal pressure can be applied as a result of the findings remains to be seen.