Last month, Google announced that it would begin integrating user data across all its services and create a single privacy policy that users would automatically agree to for all its services whenever they used any single Google service. European regulators on Feb. 2nd asked Google to hold off implementing the policy until they had a chance to review it, but Google declined to do so.
So today, the French data protection agency, which was empowered to take the lead on the issue by what’s called the Article 29 Working Party of regulators across Europe, issued a letter to Google stating that “our preliminary analysis shows that Google’s new policy does not meat the requirements of the European Directive on Data Protection.”
On their website CNIL added that “the CNIL and the EU data protection authorities are deeply concerned about the combination of data across services.” They added:
Moreover, rather than promoting transparency, the terms of the new policy and the fact that Google claims it will combine data across services raise fears and questions about Google’s actual practices. Under the new policy, users understand that Google will be able to track and combine a large part of their online activities thanks to products such as Android, Analytics or its advertising services…In addition, the use of cookies (among other tools) for these combinations raises issues related to Google’s compliance to the principle of consent laid down in the revised ePrivacy Directiv.
The CNIL and the EU data protection authorities are deeply concerned about the combination of data across services and have strong doubts about the lawfulness and fairness of such processing. They intend to address these questions in detail with Google’s representatives.
Google just seems to be barreling down the road of ignoring warning by regulators both in the U.S. and Europe– and you have to wonder how large the crackup is going to be at this pace. Clint Boulton at eWeek has largely been a booster of Google at his GoogleWatch site, but even he argues today that in light of these multiple investigations (and he’s not even talking about Europe), he thinks:
Google knows that this isn’t going to end well…it’s ripe for a huge legal smackdown for anti-competitive practices and consumer privacy violations, and a possible violation of its consent decree, and the company could be facing a perfect storm of bad happenings this year.
Given that Google was hit by the largest civil fine in American history, $500 million for its illegal pharma ads, what constitutes “bad happenings” in the future could potentially be bad indeed. Yet Google just can’t seem to figure out a way to engage regulators in ways that don’t further dig their hole deeper.