Google's New Privacy Policy Being Scrutinized by the French Data Protection Authority

Google launched a new privacy policy that took effect on March 1st, 2012. According to Google, the purpose of revising its privacy policy was to unify into one single privacy policy more than 60 different privacy policies across its wide array of products and services. 

The Article 29 Working Party, the European independent advisory body on data privacy, expressed concerns about the consequences of this new privacy policy on the citizens of the EU member states. It informed Google in a letter dated February 2nd that the French Data Protection Authority (“CNIL”) has taken on the task of reviewing and analyzing Google’s new privacy policy, on behalf of all European data protection authorities. It also requested that Google delay the implementation of the new policy until the analysis is completed, which Google refused.

After conducting its preliminary analysis, the CNIL informed Google in a letter dated February 27th 2012 that the CNIL decided to launch an investigation on behalf of all European data protection authorities. According to this letter, the CNIL expressed strong doubts about the compliance of Google’s privacy policy with the European Directive 95/46/EC on data protection (the “Directive”).

Firstly, the CNIL states that Google’s privacy policy does not comply with the obligations under Article 10 of the Directive. Specifically, according the CNIL, Google’s new policy is too general - the data subjects are not informed of the specific purpose of data collection across Google’s products and services or the recipients of the data collected. The CNIL posits that Google should have used a “multi-layered” approach, where basic, general information about its privacy practices is provided in a short notice, followed by more detailed information for each service in a longer notice.

In addition, the CNIL and all EU data protection authorities stated that they are “deeply concerned” about the possibility for Google to combine data across its products and services (such as, for example, using data collected through a data subject’s use of his/her Android phone in order to display targeted advertisements when he/she uses YouTube). The CNIL, referencing Articles 6 and 7 of the Directive, expressed “strong doubts” about the lawfulness and fairness of Google’s data processing.

The CNIL has indicated that it will continue to investigate Google’s privacy practices.


Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Proskauer - Privacy & Data Security | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.