EU Watchdogs To Outlaw Google Privacy Policy

Unified Google privacy policy is likely to be found illegal

On Tuesday, French data protection authority CNIL (Commission Nationale de l’Informatique et des Libertés) is expected to demand the reversal of a controversial Google privacy policy that the company implemented in March, which combines data from 60 products.

Google Privacy Policy
Update: EU Watchdogs Order Google Privacy “Upgrade”

CNIL was heading the investigation designed to look at whether the changes violated EU law. Earlier, Google had been warned by both EU and US regulators to stop the introduction of the policy until it was approved, but went ahead and implemented the policy, which lets Google combine user data between all of its products, including Search, Gmail and Youtube, and gives users one opportunity to opt out.

The case is expected to have important consequences for Internet companies across Europe, and result in heavy financial losses for the Silicon Valley company.

[Update: the French watchdog’s demands have now been published]

Warning shots

In February, the Article 29 Working Party – an independent body that brings together data protection authorities from each of the EU’s 27 member states – asked for a “pause” in the introduction of the single Google privacy policy for over 60 products by. The Working Party said it needed time to investigate whether the new policy offered sufficient protection for personal data.

This sentiment was echoed in the US, where eight senators wrote a letter to Google CEO Larry Page, expressing concern over the new policy and the inability to opt out.

Google said it didn’t change existing privacy settings or collect additional data on users. Instead, the changes were designed to make privacy policies simpler to understand, while also giving company the opportunity to use the newly established data pool to improve its advertising and search services.

The Article 29 Working Party had put CNIL, one of the more aggressive EU regulators, in charge of the investigation. On March 1, despite the warnings, Google went ahead with introduction of the single privacy policy. Several days later, EU Justice Commissioner Viviane Reding sharply criticised the decision.

Now, CNIL has reportedly deemed the Google privacy policy illegal, since it did not give the users a chance to opt out. According to the Guardian, the watchdog is expected to tell Google to separate the user data and re-introduce different privacy policies for each of its products. CNIL has declined to comment ahead of the press conference.

The separation of the data could present a serious technical challenge.

CNIL could impose a fine on Google, but even if it doesn’t, the company could still lose millions. “This [EU] decision may restrict Google’s ability to fully monetise its users’ personal data across its platforms and may cost Google tens of millions of dollars in lost revenue,” US lawyer Bradley Shears told the Guardian.

In March, UK’s Information Commissioner’s Office (ICO) said it would follow EU regulators on any potential punishment.

“It would be inappropriate to provide any further comment until CNIL have been given the opportunity to present the full outcome of their findings,” ICO spokesperson told TechWeekEurope.

Meanwhile, a separate EU investigation is looking at whether Google is using its dominant position in the search engine market to harm the competition. European Commission staff are currently looking at Google’s proposals in four areas of concern. If these proposals don’t satisfy the EC, the company could be fined up to ten percent of its worldwide revenues – which for 2011 amounts to €2.9bn (£2.3bn).

Are you a Google expert? Take our quiz!