Europe Presses Google to Change Privacy Policy

What does Google know about its users and how does it know it? European privacy regulators on Tuesday warned the company to clarify those issues — or risk fines or other penalties by early next year.
In a letter to Larry Page, the chief executive of Google, 27 European data-protection agencies asked the company to modify its global privacy policy that governs dozens of Google online services — including the flagship search engine, Android mobile phone apps and YouTube videos — so that users have a clearer understanding of what personal data is being collected and can better control how that information is shared with advertisers.
Along with other Internet companies like Facebook and Microsoft, Google collects personal data, like the sex and age of users and their Web browsing histories, in order to tailor their services to individual users and also to sell ads.
When Google introduced the privacy policy last winter, it described it as a way to streamline its use of personal data across a range of services that were each previously covered by separate privacy guidelines. And in keeping with European privacy law, Google said it was collecting the data only if users “opted in.” But opting in essentially became a requirement of using each of the services, by clicking the “I Agree” button before using the service for the first time, after the new policy went into effect.
Analysts say the impact on Google’s business of accepting the regulators’ recommendations depends on whether customers readily accept having to opt into a more detailed privacy policy. If large numbers of users opt out, Google’s advertising revenue would suffer.
European privacy regulators had expressed concern last winter about the new procedures and had asked Google to delay implementing them. After the company declined, the European Commission asked France’s privacy agency to take the lead on a legal analysis, which resulted in the warning letter Tuesday to Mr. Page.
The privacy regulators said Google provided users with incomplete disclosure about its processing and storage of the data, as well as insufficient control over how information from different Google services is blended to build detailed personal profiles. Google also makes it too cumbersome for users to block the collection of these data, the regulators said.
“The new privacy policy allows an unprecedented combination of data across different Google services,” Isabelle Falque-Pierrotin, chairwoman of the French data-protection authority, said at a news conference in Paris. “We are not opposed to this, in principle, but the data could be employed in ways that the user is not aware of.”
Ms. Falque-Pierrotin, whose agency, called CNIL, conducted an investigation of the policy change on behalf of the other European Union data-protection authorities, said she would give Google “three to four months” to make changes. If the company refuses, she and other officials said, the data-protection authorities might take legal action or impose fines.
Google said it was reviewing the letter and an accompanying report from the data-protection authorities, but added that it was confident that the new policy respected European Union law.
“Our new privacy policy demonstrates our longstanding commitment to protecting our users’ information and creating great products,” Peter Fleischer, the Google global privacy counsel, said in a statement.
The letter to Mr. Page is only the latest addition to a growing list of regulatory headaches for Google. Antitrust officials at the European Commission are investigating whether Google has used its search engine to favor its own services and through preferential rankings to put competitors at a disadvantage. A similar inquiry is under way at the U.S. Federal Trade Commission.
David Vladeck, the F.T.C.’s director of consumer protection, met last week in Brussels with Ms. Falque-Pierrotin, said Cecelia Prewett, an F.T.C. spokeswoman. She declined to divulge what they discussed.

0 yorum: