Google rolls out privacy policy, snubs Euro outcry

Google has defended its decision to combine around 60 of its privacy policies into one simplified document that makes it clear that users of the company's products and services will be more uniformly tracked by the Chocolate Factory.

The search giant debuted its revised terms of service today, after announcing in late January that it would be tweaking its data-handling policy to cross-pollinate its huge online business with a single ID verification process to more accurately target its users.

Privacy advocates, data protection officials and top lawyers have been hugely critical of the move. Google's privacy policy overhaul even prompted the independent European advisory body on DP the Article 29 Working Group – which is vice-chaired by the UK's Information Commissioner Christopher Graham – to task French regulator CNIL with investigating Google's actions.

The preliminary response from CNIL, as we reported yesterday, was to confirm that Google's changes to its privacy policy did not meet the requirements of the current European 1995 Data Protection law.

Nevertheless Google has implemented the tweaks and defended the move by saying that halting it at this stage would "confuse" the firm's userbase.

At a seminar hosted by Microsoft-backed Brussels' lobbyist ICOMP in London last night, Graham danced around the question of whether Google was in the wrong.

"We don't know if Google is operating outside of EU law... I'm not going to say it isn't lawful as it's being investigated," he said.

Graham had earlier noted that the company's CEO Larry Page deserved some "credit" after Google sent out "consumer alerts" earlier this year, but further pointed out that Page had failed to answer the question on lawfulness levelled at him by CNIL.

Google's UK policy wonk, Theo Bertram, was the one lonely Choc Factory voice at the ICOMP seminar last night. He asked the speaker, ex-US Federal Trade Commissioner Pamela Jones Harbour, to explain how Google could have better communicated the changes to its users.

Jones Harbour, who sits on the Electronic Privacy Information Center's advisory board, declined to answer by saying she didn't speak for Microsoft – a company to which she currently offers legal representation, although in her previous role at the FTC she fought against Redmond over antitrust behaviour relating to the browser market.

After the event, Bertram told The Register that the former commissioner's argument against Google's data-handling and dominance in search would have been much stronger had she provided a more "balanced view" of the current online landscape.

Jones Harbour, who is a partner at Fulbright & Jaworski LLP, countered in a telephone conversation with this reporter this morning that Microsoft's search engine Bing has just 3 per cent market share in Europe, and added that Google's dominance in the online business deserved scrutiny not only by data protection watchdogs but also from antitrust regulators.

The lawyer cited the Article 29 Working Group's previous discussion with Europe's Directorate General for competition about Google's 2007 takeover of ad company DoubleClick.

Those talks didn't lead anywhere, however. Jones Harbour reckons that it's now "time for competition officials to take another look".

It's unclear whether the European Commission might yet widen its current investigation of Google's business practices to work out if that behaviour has been anti-competitive in the EU market by also considering how the company collects data from its users, given today's significant terms of service tweak.

For Jones Harbour, competition and privacy in the online world needs to be much more closely knitted together by antitrust watchdogs then is currently the case.

"The traditional ways of looking at the market don't apply here when it comes to companies such as Google," she said.

The lawyer added that she had never seen a business behave in the way Google had by declining to halt its privacy tweaks while DPAs scrutinised the move.

She claimed that "Google is arrogantly saying 'make me do it' to regulators".

Meanwhile, Google's Alma Whitten reiterated what the privacy policy revamp meant in a blog post confirming that the company had effectively ignored CNIL's request:

"The new policy doesn’t change any existing privacy settings or how any personal information is shared outside of Google. We aren’t collecting any new or additional information about users. We won’t be selling your personal data. And we will continue to employ industry-leading security to keep your information safe." ®