Google's New Privacy Policy Being Scrutinized by the French Data Protection Authority


Google launched a new privacy policy that took effect on March 1st, 2012. According to Google, the purpose of revising its privacy policy was to unify into one single privacy policy more than 60 different privacy policies across its wide array of products and services. 

The Article 29 Working Party, the European independent advisory body on data privacy, expressed concerns about the consequences of this new privacy policy on the citizens of the EU member states. It informed Google in a letter dated February 2nd that the French Data Protection Authority (“CNIL”) has taken on the task of reviewing and analyzing Google’s new privacy policy, on behalf of all European data protection authorities. It also requested that Google delay the implementation of the new policy until the analysis is completed, which Google refused.

After conducting its preliminary analysis, the CNIL informed Google in a letter dated February 27th 2012 that the CNIL decided to launch an investigation on behalf of all European data protection authorities. According to this letter, the CNIL expressed strong doubts about the compliance of Google’s privacy policy with the European Directive 95/46/EC on data protection (the “Directive”).

Firstly, the CNIL states that Google’s privacy policy does not comply with the obligations under Article 10 of the Directive. Specifically, according the CNIL, Google’s new policy is too general - the data subjects are not informed of the specific purpose of data collection across Google’s products and services or the recipients of the data collected. The CNIL posits that Google should have used a “multi-layered” approach, where basic, general information about its privacy practices is provided in a short notice, followed by more detailed information for each service in a longer notice.

In addition, the CNIL and all EU data protection authorities stated that they are “deeply concerned” about the possibility for Google to combine data across its products and services (such as, for example, using data collected through a data subject’s use of his/her Android phone in order to display targeted advertisements when he/she uses YouTube). The CNIL, referencing Articles 6 and 7 of the Directive, expressed “strong doubts” about the lawfulness and fairness of Google’s data processing.

The CNIL has indicated that it will continue to investigate Google’s privacy practices.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Proskauer - Privacy & Data Security | Attorney Advertising

Written by:


Proskauer - Privacy & Data Security on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.