You are not logged in. LOG IN NOW >

The French data protection authority says that Google's new policy violates EU data protection law

BY Antonella Napolitano | Wednesday, February 29 2012

On Thursday, Google’s new privacy policy will become effective for all users.
Its application, though, may turn controversial especially in Europe: the French data protection authority (called CNIL) has analyzed the policy and declared that it violates the European Union data protection law. That law is called the European Data Protection Directive.

On their website, the organization writes:

The CNIL and the EU data protection authorities regret that Google did not accept to delay the application of this new policy which raises legitimate concerns about the protection of the personal data of European citizens.
[...] rather than promoting transparency, the terms of the new policy and the fact that Google claims it will combine data across services raise fears and questions about Google’s actual practices. Under the new policy, users understand that Google will be able to track and combine a large part of their online activities thanks to products such as Android, Analytics or its advertising services. [...] In addition, the use of cookies (among other tools) for these combinations raises issues related to Google’s compliance to the principle of consent laid down in the revised ePrivacy Directive.

As the New York Times reported in February, the French organization was asked to conduct the investigation by request of the Article 29 Working Party, a body comprising representatives from the data protection authority of each EU member state, the European Data Protection Supervisor and the European Commission. Article 29 has no enforcement powers.

Google’s privacy policy was first announced on Jan. 25, at about the same time it was announced that the European Union is working on a new data protection law to provide a single set of rules for European and international companies that use data in their businesses. One of the pillar of the law is the “right to be forgotten”, which would allow people to request that their personal information be deleted from a social network and not disseminated online.