According to Telecompaper, Google has changed its privacy policy in the Netherlands to comply with its data protection laws. The Dutch privacy regulator (the "CBP") determined last year that Google combines and uses the personal
data of internet users without first obtaining permission according to its laws. Google acquires personal information about its users when they are logged into Google and from other data sources, such as Internet searches, location data, videos, and emails.
While this is a welcome development, why did the CBP have to threaten Google with a multi-million dollar fine before it agreed to change its privacy policy? Will Google soon change its U.S. privacy policy to actually protect the personal privacy of its users? Since Google led the charge to gut Maryland's student privacy law earlier this year, I doubt it will do so.
The bottom line is that the U.S. FTC and state attorney generals should follow the E.U.'s lead when it comes to protecting our digital privacy. The more data that companies such as Google, Facebook, data brokers, etc... are allowed to collect and utilize the less safe we become since privacy and security are bedrocks of a democratic society.
Troubling practices and antiquated thoughts about data privacy continue to be a national security threat. My hope is that our regulators and elected leaders will soon take the appropriate actions necessary to enforce and update our data privacy laws to better protect us and our children.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Showing posts with label Google Privacy Policy. Show all posts
Showing posts with label Google Privacy Policy. Show all posts
Friday, July 10, 2015
Wednesday, April 15, 2015
European Commission: Google's Conduct Infringes on Antitrust Rules
The European
Commission (EC) has sent a Statement of
Objections (i.e. a formal complaint) against Google for violating European
antitrust laws. In particular, the EC alleges Google
“has
abused its dominant position in the markets for general internet search
services in the European Economic Area (EEA) by systematically favouring its
own comparison shopping product in its general search results pages. The Commission's preliminary view is that
such conduct infringes EU antitrust rules because it stifles competition and
harms consumers.”
According to the EC’s press release, it has also “formally opened a separate antitrust investigation into Google's conduct [regarding] the mobile operating system Android. The investigation will focus on whether Google has entered into anti-competitive agreements or abused a possible dominant position in the field of operating systems, applications and services for smart mobile devices.”
According to the EC’s press release, it has also “formally opened a separate antitrust investigation into Google's conduct [regarding] the mobile operating system Android. The investigation will focus on whether Google has entered into anti-competitive agreements or abused a possible dominant position in the field of operating systems, applications and services for smart mobile devices.”
These announcements have come after an
almost five
year investigation into Google’s European business practices. The EC has tried three times
to settle this matter to no avail. New EC
Competition Commissioner Margrethe Vestager, reinvigorated the investigation last year when her office requested additional information from
various Internet vendors of online services to determine if consumers have been
harmed by Google’s behavior and to figure out if Google has utilized its
dominant market position to illegally hinder competition.
The EC’s investigation
appears to have picked up momentum after The Wall Street Journal
recently obtained a confidential 2012 U.S. Federal Trade Commission (FTC) report where key staff recommended suing Google for antitrust
violations after finding real harm to consumers and innovation. While the FTC report focused on Google’s U.S.
behavior, the company most likely acted in a similar fashion in the European
Union where it controls more than 90%
of the Internet search market.
Since the EC opened its antitrust
investigation into Google, the company has paid 100s of millions of dollars in fines
and settlements due to illegal behavior. For example, in 2011 it paid a $500 million fine
for knowingly accepting illegal advertisements from Canadian pharmacies. Subsequently, it has paid multiple million
dollar fines in the United States
and in Europe for
privacy violations in connection with its Street View data collection project, the
deceptive privacy practices in Google's roll out of its Buzz social network, its
2012 privacy policy change, and the Safari hack incident.
Illegally abusing market position in
Internet search (and/or other areas) is intertwined with data collection,
usage, and privacy issues because in order to receive the most relevant search
results to a search query a search engine must be able to access and process
voluminous amounts of data very quickly.
For years, 90% to 96% of
Google’s revenue has come from advertising which means it is dependent upon being
able to obtain massive amounts of personal information at a low cost to feed
its behavioral advertising machine.
Data dominance also appears to be a growing
concern of the EC. For
example, Commissioner Vestager recently stated that she’s
studying the U.S.’s “stringent approach to dealing with personal data as a means
to payment” in its review of deals. This
appears to signal that regulators are beginning to understand that personal and
corporate data issues are intertwined with antitrust matters.
The
EC’s announcement that it has also opened up an investigation into whether
Google has entered into anti-competitive agreements and/or abused its dominant
position in regards to its Android operating system demonstrates that it wants
to ensure that consumers are not harmed and that innovation is not stifled by
illegal market activities in the growing mobile space. Last year, The Wall Street Journal and The
Information reported that Google’s confidential Android agreements have been
“increasing the number of Google apps that must be pre-installed on [each
Android] device to as many as 20, placing more Google apps on the home screen
or in a prominent icon folder and making Google Search more prominent.”
Google’s
Android contract requirements are very troubling when comparing them to Microsoft’s pre-2002 agreements
with PC vendors which “required
PC manufacturers to bundle and promote the Internet Explorer Web browser and
other software in prominent locations on the computer screen.” Therefore,
it doesn’t surprise me that the EC is investigating whether Google’s Android agreements violate antitrust law.
This enforcement action and
the announcement of another investigation into Google’s other market activities demonstrates
the need for users of its services to carefully read their contracts with Google and
be familiar with their terms of service and troubling world-wide privacy
policy. Google's terms and privacy policy allows for unfettered data mining and profiling of consumer,
education, corporate, and government data. Multiple European Data Protection Authorities have already fined Google for its privacy practices and
ordered Google to change it privacy policy; unfortunately that has had virtually
no effect on its market behavior.
Today’s European Commission
announcement is the first step in what may be a long drawn out legal process,
which in theory could lead to a fine up to $6.4 billion dollars
and require Google to change some of its business practices. As a long time Google user, my hope is that
Google soon begins to once again abide by its corporate motto by
not being “evil”.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
Wednesday, April 30, 2014
Google To Stop Scanning Student Emails, But Troubling Privacy Policies Continue
Google announced earlier today that it will stop automatically scanning student and teacher emails sent through Google Apps for Education and will no longer use the platform to deliver any advertising.
This is a positive development for student privacy and means that if the media questions and reports on troubling and illegal corporate practices positive change may occur. I initially blogged about this issue on January 24, 2014. At that time I stated, "[I]t does not appear that students, parents, and/or teachers have been informed and provided consent that would enable their digital interactions and the content sent and received on school contracted Gmail services to be utilized for advertising purposes."
Soon after I wrote about this tremendous threat to student privacy, I spoke to Education Week about this huge privacy and safety risk to our children. I told Education Week that I saw “major FERPA violations” in Google’s activities and suggested that the Education Department should investigate the company. The Federal Trade Commission, which is responsible for monitoring deceptive business practices, should also take note and....[t]he personal safety of students are at risk when commercial entities obtain access to student data and act upon the information."
While I believe this is a good first step for protecting student privacy, why did it take Google years to make this change? Absent multiple lawsuits and the investigative reporting from Education Week would Google have changed its practices? Will Google also turn off its scanning and behavioral advertising functions for its other services such as YouTube, Google Plus, etc...in a school setting? Will Google also change its Android and Chromebook policies to better protect student privacy? Will Google change its Terms of Service and Privacy Policies that govern all of its education offerings? Will Google revise all of its school contracts to reflect this announcement?
Will Google delete all of the personal and highly monetizable personal information that it has been collecting on students, parents, teachers, and their families? Since Google has been caught misrepresenting its practices once again should we as President Regan stated when describing the Soviet Union trust but verify? Who will do the verifying? The U.S. Department of Education, state departments of education, state attorney generals, the FTC? What about better protecting non-student users such as consumers?
Google's announced impending policy change appears to be an admission that it was violating Article 5 of the FTC Act that bans "unfair and deceptive acts". According to a 2011 FTC Consent Decree related to the Google's Buzz matter, it appears the FTC has wide latitude to investigate what appears to be an intentional privacy violation and fine Google accordingly. Under the consent agreement, it appears that Google may be fined up to $16,000 for each violation. Since Google has publicly stated that it has 30 million users, Google's legal liability may reach into the billions of dollars. For example, 30 million x $16,000 for each violation is a fine of $480,000,000,000. Will the FTC open an investigation to determine if Google violated its consent decree?
Since Google's troubling consumer privacy policy governs almost all of its services, more pressure needs to be exerted onto Google to better protect the personal privacy and safety of all of its users. Multiple EU data protection authorities have already either fined Google for its illegal and inherently dangerous privacy policy that clearly violates data protection laws across Europe and/or opened investigations into its troubling "evil behavior".
While Google creates some great products and services, it has consistently refused to do the right thing when it comes to protecting the personal privacy and safety of its users. Is this announcement being done to ward off an FTC investigation into its privacy practices and to stop more potential litigants from joining the Gmail scanning lawsuit(s)?
My hope is that now that Google plans on changing its student data collection and utilization practices in its Apps For Education platform, it will also do the same for its other school offerings. The bottom line is that Google and other companies that create user/people profiles for advertising and other purposes need to not only become more transparent but stop practices that erode the public's privacy and put them in harm's way.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
This is a positive development for student privacy and means that if the media questions and reports on troubling and illegal corporate practices positive change may occur. I initially blogged about this issue on January 24, 2014. At that time I stated, "[I]t does not appear that students, parents, and/or teachers have been informed and provided consent that would enable their digital interactions and the content sent and received on school contracted Gmail services to be utilized for advertising purposes."
Soon after I wrote about this tremendous threat to student privacy, I spoke to Education Week about this huge privacy and safety risk to our children. I told Education Week that I saw “major FERPA violations” in Google’s activities and suggested that the Education Department should investigate the company. The Federal Trade Commission, which is responsible for monitoring deceptive business practices, should also take note and....[t]he personal safety of students are at risk when commercial entities obtain access to student data and act upon the information."
While I believe this is a good first step for protecting student privacy, why did it take Google years to make this change? Absent multiple lawsuits and the investigative reporting from Education Week would Google have changed its practices? Will Google also turn off its scanning and behavioral advertising functions for its other services such as YouTube, Google Plus, etc...in a school setting? Will Google also change its Android and Chromebook policies to better protect student privacy? Will Google change its Terms of Service and Privacy Policies that govern all of its education offerings? Will Google revise all of its school contracts to reflect this announcement?
Will Google delete all of the personal and highly monetizable personal information that it has been collecting on students, parents, teachers, and their families? Since Google has been caught misrepresenting its practices once again should we as President Regan stated when describing the Soviet Union trust but verify? Who will do the verifying? The U.S. Department of Education, state departments of education, state attorney generals, the FTC? What about better protecting non-student users such as consumers?
Google's announced impending policy change appears to be an admission that it was violating Article 5 of the FTC Act that bans "unfair and deceptive acts". According to a 2011 FTC Consent Decree related to the Google's Buzz matter, it appears the FTC has wide latitude to investigate what appears to be an intentional privacy violation and fine Google accordingly. Under the consent agreement, it appears that Google may be fined up to $16,000 for each violation. Since Google has publicly stated that it has 30 million users, Google's legal liability may reach into the billions of dollars. For example, 30 million x $16,000 for each violation is a fine of $480,000,000,000. Will the FTC open an investigation to determine if Google violated its consent decree?
Since Google's troubling consumer privacy policy governs almost all of its services, more pressure needs to be exerted onto Google to better protect the personal privacy and safety of all of its users. Multiple EU data protection authorities have already either fined Google for its illegal and inherently dangerous privacy policy that clearly violates data protection laws across Europe and/or opened investigations into its troubling "evil behavior".
While Google creates some great products and services, it has consistently refused to do the right thing when it comes to protecting the personal privacy and safety of its users. Is this announcement being done to ward off an FTC investigation into its privacy practices and to stop more potential litigants from joining the Gmail scanning lawsuit(s)?
My hope is that now that Google plans on changing its student data collection and utilization practices in its Apps For Education platform, it will also do the same for its other school offerings. The bottom line is that Google and other companies that create user/people profiles for advertising and other purposes need to not only become more transparent but stop practices that erode the public's privacy and put them in harm's way.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Tuesday, September 17, 2013
The terms and conditions that apply to the storage of your data are important
The
terms and conditions of a digital service provider are extremely important
because they govern their legal obligations to their customers. Businesses, governments, and schools are
moving from internal
servers to cloud based platforms and with this change in platforms comes
a concern regarding the privacy and security of sensitive corporate,
government, and personal identifiable information.
Clicking "I Agree" when registering for a new digital account/service or when a digital service's policies have been updated may have major legal consequences. The television show South Park made an interesting observation about what may happen when a company changes its terms and conditions in an episode last year titled the Human Centipad. While this episode demonstrated the potential pitfalls of what may happen when you agree to terms and conditions you may not understand, an online British retailer once inserted a clause into its digital agreements that gave it the right to reclaim its customers' immortal souls.
Interestingly, Google declined to be interviewed for TACMA. May Google's refusal to directly answer TACMA's questions serve as an admission that Hoback's film provides an accurate portrayal of Google's privacy policies? For those who question the film's accuracy, The Wall Street Journal recently stated "the breadth of Google's information gathering about Internet users rivals that of any single entity, government, or corporation....Google's privacy policy puts few restrictions on how much it can collect or use."
TACMA publicizes the importance of reading and understanding the terms and conditions of digital platforms. However, is greater awareness about these issues the only solution or are stronger laws and more robust enforcement actions required to protect users from companies that put profits ahead of privacy?
Clicking "I Agree" when registering for a new digital account/service or when a digital service's policies have been updated may have major legal consequences. The television show South Park made an interesting observation about what may happen when a company changes its terms and conditions in an episode last year titled the Human Centipad. While this episode demonstrated the potential pitfalls of what may happen when you agree to terms and conditions you may not understand, an online British retailer once inserted a clause into its digital agreements that gave it the right to reclaim its customers' immortal souls.
Recently,
I attended a showing of a new documentary titled Terms
and Conditions May Apply (TACMA). The film emphasizes the importance of
reading and understanding the terms and conditions of digital platforms. In particular, the documentary explores in-depth the privacy
policies and data collection practices of some of the most popular web based
services that are utilized by businesses, governments, and schools.
TACMA spends a significant amount of time discussing the privacy policies and practices of LinkedIn and Google. As a platform focused on professionals and the corporate market one may think that LinkedIn's terms and conditions would protect the privacy of the data that its professionals and corporate partners post. However, according to TACMA's director, Cullen Hoback, "LinkedIn's [terms and conditions are] abysmal. It’s the most over-reaching, ridiculous and shouldn’t-be-allowed-to-exist contract out there that I found." This description is not surprising since LinkedIn recently announced that it has lowered its minimum U.S. user age from 18 to 14 years old. This move appears to be designed to enable it to collect a treasure trove of personal information from high school students.
LinkedIn is not alone in requiring users to agree to terms and conditions that may not properly protect the privacy and security of its users. Google's March 2012 privacy policy change eroded the personal privacy of its users in order to enable it to better monetize the data it collects about those who utilize its services. Before Google's consolidated privacy policy became effective, data protection authorities across Europe raised serious concerns about the legality of the change and stated that they would investigate the matter. During the past several months, multiple European data protection authorities have stated that Google's privacy policy change violates data protection laws.
TACMA spends a significant amount of time discussing the privacy policies and practices of LinkedIn and Google. As a platform focused on professionals and the corporate market one may think that LinkedIn's terms and conditions would protect the privacy of the data that its professionals and corporate partners post. However, according to TACMA's director, Cullen Hoback, "LinkedIn's [terms and conditions are] abysmal. It’s the most over-reaching, ridiculous and shouldn’t-be-allowed-to-exist contract out there that I found." This description is not surprising since LinkedIn recently announced that it has lowered its minimum U.S. user age from 18 to 14 years old. This move appears to be designed to enable it to collect a treasure trove of personal information from high school students.
LinkedIn is not alone in requiring users to agree to terms and conditions that may not properly protect the privacy and security of its users. Google's March 2012 privacy policy change eroded the personal privacy of its users in order to enable it to better monetize the data it collects about those who utilize its services. Before Google's consolidated privacy policy became effective, data protection authorities across Europe raised serious concerns about the legality of the change and stated that they would investigate the matter. During the past several months, multiple European data protection authorities have stated that Google's privacy policy change violates data protection laws.
When
TACMA premiered in January of this year at the Sundance Film Festival, the film alleged that Google's
earliest privacy policies were not listed in its publicly available privacy policy
archive. One of Google's earliest privacy policies from December
of 2000 stated, "A
cookie can tell us, [t]his is the same computer that visited Google two days
ago, but it cannot tell us, [t]his person is Joe Smith or even, [t]his person
lives in the United States." This
privacy policy indicates that during its early years Google had a policy in place that respected and protected its users' personal privacy.
However,
by December of 2001, the language
"it [a cookie] cannot tell us, this person is Joe Smith or even, [t]his
person lives in the United States," had been removed from Google's privacy
policy. Eliminating these protections from its privacy policy appears to have
been the turning point when Google stopped making user privacy a top
priority. Updating a privacy policy that removes user anonymity protections may jeopardize
personal privacy and security.
According
to CNET,
TACMA "provides special scrutiny of Google, and argues that the company
bowed to advertiser pressure by removing language from its privacy policy
promising users anonymity unless they willingly gave it up." Regarding Google's privacy policy history, Hoback
stated, "[t]hey [Google] really did care in the beginning quite a lot
about privacy. But when your profit margins come in direct opposition to your
principles, sometimes those principles suffer."
Interestingly, Google declined to be interviewed for TACMA. May Google's refusal to directly answer TACMA's questions serve as an admission that Hoback's film provides an accurate portrayal of Google's privacy policies? For those who question the film's accuracy, The Wall Street Journal recently stated "the breadth of Google's information gathering about Internet users rivals that of any single entity, government, or corporation....Google's privacy policy puts few restrictions on how much it can collect or use."
TACMA publicizes the importance of reading and understanding the terms and conditions of digital platforms. However, is greater awareness about these issues the only solution or are stronger laws and more robust enforcement actions required to protect users from companies that put profits ahead of privacy?
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Monday, July 1, 2013
EU Data Protection Authorities Lead The Fight To Protect Digital Privacy
The
CNIL, France's independent administrative authority that ensures that data protection
law is adhered to by companies doing business in France recently ordered Google to comply with
the French Data Protection Act within three months or face sanctions for
non-compliance. According to Reuters, the CNIL
stated that Google has broken French law and that it has until the end of the
three months to change its privacy policies or it may be fined up to 150,000
euros. Reuters also reported
that Spain's Data Protection Agency (AEPD) may fine Google between 40,000 and
300,000 euros for each of its five violations of the Spanish Data Protection
Law.
The
allegations that Google has violated data protection laws throughout Europe is
extremely serious and unfortunately not surprising. Google's January
24, 2012,
announcement that as of March 1, 2012, it would change its web sites' privacy
policies to enable it to combine all of the information that it collects about
its users to enhance its data mining capabilities created so many questions
about its legality that before it even went into effect, France's
data protection authority, the CNIL, notified Google on February 27, 2012
that it would lead a coordinated European investigation into the matter.
In
October 2012, the European
Union Data Protection Agency issued a report alleging that Google's
new privacy policies failed to comply with its data protection laws. This
report was endorsed by privacy regulators in 27 EU member states along with
Australia, Mexico, New Zealand and Canada.
Since this report was issued, the EU has provided Google the opportunity to either prove that its privacy policy change complies with EU data
protection laws, revert to its old privacy policies, or propose another
solution that would adhere to EU data protection laws.
Unfortunately
for Google's users, it has continued to claim that its March 1,
2012 privacy policy change does not violate EU data protection laws even though
regulators across the continent have concluded otherwise. Since Google announced that it would change its privacy policies, Internet users have begun to demand that legislators along with regulators better protect personal digital privacy.
Privacy
legislation, regulation, and enforcement is on the rise. For example, since May 2012, at
least 36 states along with Congress have either introduced and/or enacted
privacy laws that generally ban employers and/or schools from being able to require
access to their employees' and/or students' personal digital data stored in the
cloud. Late last year, U.S. Senator
David Rockefeller
opened an investigation into the practices of nine data brokers which may have led the FTC to study this issue. The recent NSA digital
surveillance disclosures have proven that Internet users deeply care how
their personal information is being utilized by the companies that are entrusted with their digital thoughts, correspondence, and information.
With
access comes responsibility. Google has
demonstrated time and time again that it and/or its employees may abuse its
position as a gatekeeper of personal information. For example, several years ago, PC Magazine reported that a Google engineer was fired for accessing the Gmail and Google Voice
accounts of minors and taunting children with the personal information he found. Last year, Google paid
a record $22.5 million
civil penalty
to settle FTC charges that it misrepresented to users of Apple's Safari
Internet browser that it would not place tracking “cookies” or serve targeted
ads to those users, violating an earlier privacy settlement with the FTC. Several months ago, Google was fined 145,000
euros in Germany for what Hamburg data
regulator Johannes Caspar stated was "one of the biggest data protection
rules violations known" when it collected the personal e-mails, passwords, and photos of Internet users during its Google Street View
project.
Why
isn't breaching data protection laws not considered as serious or troubling
as breaking anti-trust laws? Violating
the privacy of a digital user, whether a minor child or an adult, creates significant personal safety issues. For
example, if an employee of a company that accumulates vast amounts of personal data
about its account holders utilizes his position to harass and/or blackmail its users there are tremendous personal privacy, safety, and legal issues that need to be properly addressed.
While
anti-trust violations may be detrimental to individuals, businesses, and
society; in general, the greatest harm that may occur is that someone may pay
more for a good or service than they otherwise would have and/or potential
competition may be stifled. Therefore,
since privacy violations may create greater personal safety and security issues
and may do more harm to members of society than anti-trust violations, why isn't the punishment for privacy violations at least equal if not greater than the punishment for anti-trust violations? Why are anti-trust violations generally punished much more harshly than privacy
violations?
Will
EU regulators investigate
whether Google's privacy policies affect how it presents its Internet search
results? What if Google's data mining capabilities
that appear to have been greatly increased because of its privacy policy changes
is a major factor in its alleged monopolistic behavior in the European Internet
search market? Have the potential interconnection of these issues been thoroughly investigated by European regulators?
Data
protection authorities across Europe appear ready, willing, and able to take action
against Google in three months. If
Google hardens its position and continues to refuse to acknowledge that its privacy policy change puts the personal privacy of its users at risk and violates EU data protection laws, this
stance may lead to not only sanctions against Google, but also to increased scrutiny of the privacy policies of other U.S.
based companies.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Monday, October 15, 2012
European Union May Require Google To Change Its Privacy Policies
According to Reuters, the European Union has sent Google a letter demanding changes to Google's new privacy policy to better protect the personal data of its users. The Guardian is reporting that Google may be told on Tuesday to revisit the controversial changes introduced in March.
On January 24, 2012, Google announced that as of March 1, 2012, it would revamp its privacy policies. At the time of its announcement, Google stated that it had more than 70 privacy policies and that it is "rolling out a new main privacy policy that covers the majority of our products and explains what information we collect, and how we use it, in a much more readable way. While we’ve had to keep a handful of separate privacy notices for legal and other reasons, we’re consolidating more than 60 into our main Privacy Policy." .... "Our new Privacy Policy makes clear that, if you’re signed in, we may combine information you've provided from one service with information from other services."
Streamlining almost 70 privacy policies into 1 policy is much easier for compliance and legal purposes since it means that Google will only have to keep abreast of 1 uniform policy instead of more than 60. In other words, the change may decrease legal and compliance costs by millions of dollars per year. The new Privacy Policy states that Google may combine all of its users' information into one profile that may enhance its data mining capabilities which may increase its advertising revenues by hundreds of millions of dollars per year. Of Google's $37.9 billion in 2011 revenue, 96 percent came from advertising.
Before Google's new privacy policy went into effect, France's data protection authority, the CNIL, told Google in a letter dated February 27, 2012 that it would lead a Europe-wide investigation of the new policy. Soon after Google implemented the changes there was an uproar about the matter.
Since Google refused to heed the EU's prior warnings that changing its privacy policies may violate data protection laws it would not surprise me if the CNIL harshly rebukes Google and "recommends" it change its privacy policies and is "asked" to better inform its users on how it utilizes their personal data. However, until the decison is made public it would be premature to speculate how this may affect Google and its advertising clients.
To learn more about these issues you may contact me at www.shearlaw.com.
Copyright 2012 by the Law Office of Bradley S. Shear, LLC All rights reserved.
On January 24, 2012, Google announced that as of March 1, 2012, it would revamp its privacy policies. At the time of its announcement, Google stated that it had more than 70 privacy policies and that it is "rolling out a new main privacy policy that covers the majority of our products and explains what information we collect, and how we use it, in a much more readable way. While we’ve had to keep a handful of separate privacy notices for legal and other reasons, we’re consolidating more than 60 into our main Privacy Policy." .... "Our new Privacy Policy makes clear that, if you’re signed in, we may combine information you've provided from one service with information from other services."
Streamlining almost 70 privacy policies into 1 policy is much easier for compliance and legal purposes since it means that Google will only have to keep abreast of 1 uniform policy instead of more than 60. In other words, the change may decrease legal and compliance costs by millions of dollars per year. The new Privacy Policy states that Google may combine all of its users' information into one profile that may enhance its data mining capabilities which may increase its advertising revenues by hundreds of millions of dollars per year. Of Google's $37.9 billion in 2011 revenue, 96 percent came from advertising.
Before Google's new privacy policy went into effect, France's data protection authority, the CNIL, told Google in a letter dated February 27, 2012 that it would lead a Europe-wide investigation of the new policy. Soon after Google implemented the changes there was an uproar about the matter.
Since Google refused to heed the EU's prior warnings that changing its privacy policies may violate data protection laws it would not surprise me if the CNIL harshly rebukes Google and "recommends" it change its privacy policies and is "asked" to better inform its users on how it utilizes their personal data. However, until the decison is made public it would be premature to speculate how this may affect Google and its advertising clients.
To learn more about these issues you may contact me at www.shearlaw.com.
Copyright 2012 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Subscribe to:
Posts (Atom)