EU regulators want Google to halt new privacy policy
A group of European regulators has written to Google Inc calling on it to halt the introduction of its new privacy policy, saying it needs to investigate whether the proposals sufficiently protect users' personal data.
Google said in January it was simplifying its privacy regulations, consolidating 60 guidelines into a single policy that will function across all its services, including YouTube, Gmail and Google+, its social network site.
The Article 29 Working Party, an independent body that brings together data protection authorities from each of the EU's 27 countries and the EU's executive European Commission, said it needed to examine Google's plans more thoroughly before the search group's policy comes into effect on March 1.
Given the wide range of services you offer, and the popularity of these services, changes in your privacy policy may affect many citizens in most or all of the EU member states, the group wrote to Google Chief Executive Larry Page on February 2.
We wish to check the possible consequences for the protection of the personal data of these citizens in a coordinated way, it said, explaining that France's data protection authority would be in charge of the investigation.
In light of the above, we call for a pause in the interests of ensuring that there can be no misunderstanding about Google's commitments to information rights of their users and EU citizens, until we have completed our analysis.
The European commissioner in charge of data protection, Viviane Reding, welcomed the move, saying it was a necessary to establish that EU data rules were being firmly applied.
The Commission therefore calls on Europe's data protection authorities to ensure that EU law is fully complied with in Google's new privacy policy, she said in a statement.
Google said the raising of concerns came as a surprise.
We briefed most of the members of the working party in the weeks leading up to our announcement, said Al Verney, Google's spokesman in Brussels.
None of them expressed substantial concerns at the time, but of course we're happy to speak with any data protection authority that has questions.
Google's director of public policy has explained the new policy as a commitment to simplicity, with the company trying to explain its guidelines far more concisely.
We're explaining our privacy commitments to users of those products in 85 percent fewer words, Pablo Chavez wrote on his blog on January 31.
The new policy explains what information Google collects from the millions of people who use its services every day, why the information is collected, how it is used and what choices are then offered to limit how it is accessed and updated.
While Google is not obliged to wait for the conclusion of the Article 29 Working Group's investigation before adopting its new policy, the company has tended in the past to be as cooperative as possible with European authorities.
The move by the EU regulators comes days after the European Commission set out legislative plans to overhaul its 17-year-old data protection rules, putting in place much more stringent policies on the protection of individual's data.
Under the new rules, internet companies such as Google, Facebook and Yahoo would have to ask users whether they can store and sell their data to other businesses, such as advertisers, which is source of almost all their income.
Internet users can also ask for their data to be deleted from websites for good, the so-called right to be forgotten.
Separately, Google remains the subject of an inquiry by both the EU's competition authority and the U.S. Federal Trade Commission into how the company ranks its search results. The inquiries are based in part on complaints from French rivals.
The FTC expanded its probe on January 13 to include Google's social networking site Google+.
(Reporting By Claire Davenport; Editing by Luke Baker and Helen Massy-Beresford)
© Copyright Thomson Reuters 2024. All rights reserved.