Google Privacy Policy Could Violate EU Law

judgecorp writes "Google's new unified privacy policy could violate EU law, according to objections. The French data regulator warns that the policy will infringe users' privacy by building a single online profile. Commission Nationale de L’informatique et Des Libertes (CNIL) has expressed “deep concerns” about the policy and its adherence to the European Data Protection Directive."

What about MSN passport?

[Eraesr]

Hasn't MS done the same with MSN passport, where you use one login for Hotmail, MSN Messenger, XBox Live and various other services?

Re:What about MSN passport?

[icebraining]

Oh really, Mr. shill? So where's that opt-in option?

From Microsoft privacy statement:

Collection of Your Personal Information

We collect information as part of operating our Websites and services.

- At some Microsoft sites, we ask you to provide personal information, such as your e-mail address, name, home or work address, or telephone number. We may also collect demographic information, such as your ZIP code, age, gender, preferences, interests and favorites. If you choose to make a purchase or sign up for a paid subscription service, we will ask for additional information, such as your credit card number and billing address.

- In order to access some Microsoft services, you will be asked to sign in with an e-mail address and password, which we refer to as your Windows Live ID. By signing in on one Microsoft site or service, you may be automatically signed into other Microsoft sites and services that use Windows Live ID. For more information, see the Windows Live ID privacy supplement.

- We collect additional information about your interaction with Microsoft sites and services without identifying you as an individual. For example, we receive certain standard information that your browser sends to every website you visit, such as your IP address, browser type and language, access times and referring Web site addresses. We also use Web site analytics tools on our sites to retrieve information from your browser, including the site you came from, the search engine(s) and the keywords you used to find our site, the pages you view within our site, your browser add-ons, and your browser's width and height.

- We use technologies, such as cookies and web beacons (described below), to collect information about the pages you view, the links you click and other actions you take on our sites and services.

- We also deliver advertisements (see the Display of Advertising section below) and provide Web site analytics tools on non-Microsoft sites and services, and we collect information about page views on these third party sites as well.

- When you receive newsletters or promotional e-mail from Microsoft, we may use web beacons (described below), customized links or similar technologies to determine whether the e-mail has been opened and which links you click in order to provide you more focused e-mail communications or other information.

No opt-in here! The only thing you can do is opt-out of the advertising (not data collection).

More:

Sharing of Your Personal Information

Except as described in this statement, we will not disclose your personal information outside of Microsoft and its controlled subsidiaries and affiliates without your consent.

So, you can't even choose not to share your personal information with some subsidiaries and affiliates.

Oh, and that centralization of data people are criticizing Google for?

In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area.

Re:What about MSN passport?

[iserlohn]

Right.. more FUD...

What about this?

Don't take my word for it. On privacyscore.com, you can check the privacy comparisons between Google and MS websites yourself and look at the breakdowns.

Re:What about MSN passport?

[icebraining]

I don't like lying shills, therefore I'm a Google fanboy? Good argument.

Re:What about MSN passport?

[TheRaven64]

Because that would require Microsoft to be competent at cross referencing and datamining and, well, have you seen Bing?

Use another service?

[zippo01]

They act like Google doesn't already know everything about everyone. I see nothing wrong with Google doing whatever they want with the information I voluntarily provide them in exchange for their services. If you don't want them to have it, use another service.

Re:Use another service?

[Lennie]

Most non-technical users don't understand these things. Kids usually don't fully understand the impact/ramifications.

Atleast that is some of the arguments I've heared.

Most politicians also fall in the first catagory.

Re:Use another service?

[zippo01]

ignorance never makes good justification.

Re:Use another service?

[azed9]

Use another service? Not possible with an android device as most useful functions require a Google login. Google should offer an opt out option. Or a refund.

Re:Use another service?

[Robert+Zenz]

So? Don't buy an Android device then, if you did not know that beforehand, send it back. If you just figure that out after months...well, go figure.

You know, you're not exactly forced to use an Android device (no I won't accept corporate stuff as excuse), you can buy a simple not-so-smart-phone...or a Windows phone *snickers*.

Re:Use another service?

[WrongSizeGlass]

ignorance never makes good justification.

You're right, it doesn't. But, ignorance is a fact of life in many (if not most) areas of "technology". Don't know how to fix your own car so you got an expensive repair bill? Are you sure all those parts really needed to be replaced? How about fixing your own electric or plumbing or computer? Just because these are "physical" objects doesn't make it that different. If you knew how they worked you could (and hopefully would) make a more educated decision about them.

Yes, Google is trying to become 'Big Brother' without all those pesky restraints put upon governments by their citizens. The more information Google, Facebook, et al can harvest the more useful they become to other large entities. We're all ignorant of the true intent of these types of companies, but I'm pretty sure they intend to move "profit!" up to position #1 if at all possible.

Re:Use another service?

[icebraining]

Parent's point is that the one "using their services" is the porn website (using Google Analytics), not the user, who will be tracked even though he isn't using any Google service.

Re:Use another service?

[Shazback]

Ignorantia juris non excusat (or for our civil law country friends : nemo censetur ignorare legem).

So the state/EU/politicians are saying that they need to protect me from wilfully giving my information in exchange for a service, on that basis that I'm "ignorant"... And at the same time they believe I'm perfectly knowledgeable of every facet of law?

Re:Use another service?

[ciderbrew]

No this isn't the same. Having a person fix a broken object and getting ripped off may be ignorance but it doesn't stop a person getting a job 20 years down the line.
If a teen wrote on facebook "first gay kiss, love that person / just tried drugs / want to vote for party X", that bit of information is there to haunt them. Being gay, trying drugs or voting x is not the issue, not being able to "un-share" it, should the need arise is.
The enlightened in this case, should work to protect the ignorant. Being a decent engineer, being a sysadmin (xkcd style) means you are the powerful. And with great power ... Help the ignorant by default.

Re:Use another service?

[errandum]

Well, if he's worried about the cookies, he can use a feature present on most modern browsers to go incognito or private or whatever. That works if they track with cookies. Most modern browsers will also let you delete things selectively (as in, "last hour").

If they track by IP (Which I doubt) then, good luck since most of the world is behind dynamic IP's that change every 4 days or so.

If they're going by your addon signature or any shady tactic like that (which I doubt, since they seem to be under a whole lot of scrutiny lately), simply don't install all your stuff on a "porn browser, creating a bogus signature.

Even chrome is getting a "do not track" button, so there is also that.

Either way, the only thing they are doing now that they didn't do before is sharing the info throughout your account. If he doesn't have an account, what's his problem? Because every ad company will track you.

And furthermore, I highly doubt that everyone complaining doesn't have a social network account or something like that. Those are far worse because, since google uses the analytics themselves, they won't be sharing anything relevant with no one else in order to get a competitive edge. Facebook is not on the advertising business, so they DO share the info of their users with others (which, in my opinion, is way worse).

Re:Use another service?

[poetmatt]

Really?

You can use other browsers. It's not simply "use stock browser or nothing".

Google already enforces (not simply advertises) brute honesty in app installs as well.

You can be logged into any google login you want, and access the other one through another mail program if that's all it's for.

Google does offer an opt out function, but what is exactly the refund for free?

Re:Use another service?

[symbolset]

If you don't like the terms don't use the service. Nobody's putting a gun to your head and making you use Google+. They didn't sneak a change of terms in on you here. Nobody lied to you. They didn't cheat you. They didn't steal from you.

so all of a sudden Google is now infringing

[Escogido]

and Facebook is not? What is it that Facebook is doing that Google has not done? Reading the FA didn't reveal anything other than an impression that "will continue their investigations with Google’s representatives" essentially means "will see if this gives us a good chance to treat Google as an ATM".

Re:so all of a sudden Google is now infringing

[TheRaven64]

Facebook only provides a single service: to collect all of your information and provide it to advertisers. Google provides a number of unrelated services and shares data about you between them. This sounds like it would easily contravene the EU data protection directive which says, basically, that you can't transfer personal information to third parties without explicit consent and can't use personal information for anything other than providing the service that the user asked for.

Re:so all of a sudden Google is now infringing

[Carewolf]

Cross-referencing databases. I guess facebook is in the clear because they only have one database. The problem is cross-referencing personal data from multiple databases.

It sounds a bit odd in technical ears, but the idea is that users can control how much they reveal about themselves and to whom. When data is cross-referenced, then data them only meant to reveal in a specific context is suddenly available in a context where it was not meant to be revealed.

Re:so all of a sudden Google is now infringing

[icebraining]

See those Facebook buttons in almost every website? That's Javascript being loaded from Facebook's domains, and your browser is sending your login cookies along.

Are they tracking? It's impossible to know. But they are getting the information of what sites you're visiting.

Re:so all of a sudden Google is now infringing

[CProgrammer98]

where's the third party? Google operate all of the services that the new consolidated privacy policy applies to.

Not a bad thing

[Rik+Sweeney]

To be honest, having different terms and conditions for every service that Google runs must have been quite confusing for a lot of people*, so consolidating them into one package does make sense.

I can however understand the problem with Google now being able to use data collected from one service and now using it in another, but if all they're doing is using it to target us with more specific ads then I don't really care.

* I've never read the T's and C's and to be honest I reckon only a very small number of Google users have.

If the services had started out integrated

[Chrisq]

If the services had started out integrated this would not be an issue. On Facebook you can do a search, look at someone's photos, post comments etc. and everyone knows they all share data. Should Google be treated differently just because google brought in picassa, added blogging, etc. rather than implementing them all in one go?

Re:If the services had started out integrated

[MrMickS]

The key issue is where the control lies. On Facebook the user has to explicitly allow the information to be used by the various applications etc. In Googleland they are just tearing down the barriers without giving the user the chance to say that they don't want their information from the different areas to be included in their meta-profile.

If Google had thought about it a simple acceptance screen allowing people to opt in and out their information from the meta-profile would probably have addressed the privacy concerns. It would also highlight to the users what information Google has collected and what services it is providing. Google steers by its own moral compass and doesn't really care what anyone else thinks as long as it's happy with what its doing.

Re:If the services had started out integrated

[Shazback]

How can I get FB to not use my information in photos? Oh wait. I can't. How can I get FB to not use my information in events? Oh wait, I can't. How can I get FB to not use my information in chat? Oh wait, I can't.

Google has the same controls regarding third party access to information as FB. The only difference is that Google doesn't really rely on many third party applications, whilst FB has created a complete ecosystem in that respect.

>>If Google had thought about it a simple acceptance screen allowing people to opt in and out their information from the meta-profile would probably have addressed the privacy concerns. It would also highlight to the users what information Google has collected and what services it is providing.
Google has had Dashboard for *years* now that shows exactly what personal information Google had gathered from their various services. For each service, you can (and could well before today) go into the specifics of the privacy agreement, remove personal data, change how it would be shared etc. FB doesn't have anything like that. Google has pointed out repeatedly that it HAS Dashboard, and unlike FB, provides a tool to remove -all- your personal information.

What about NSA?

[curious.corn]

Listen guys, privacy is toast anyway... if anything Google is making us acknowledge this and move along.

Do no evil?

[MrMickS]

Google's motto is 'do no evil' which is laudable. It has to be asked though, "who defines what is evil?".

Boycott Google

[Cherubim1]

Google violates human decency.

EU vs. US on privacy

[yankexpat]

Having worked for many years in digital security in Europe, I believe that I have some understanding of this issue. It all boils down to the presence (US) or absence (EU) of private credit rating and consumer data collection industries. In Europe, banks are required to do their own risk assessment. If any data collected about a consumer falls in the wrong hands, the collecting party is liable for any damages UNLESS the consumer has given formal (i.e. written) consent for that information to be passed on. In the US, the entire credit industry is predicated on the ability to collect large amounts of data about consumers and then to create risk profiles based on that data.

Single company, single profile

[l2718]

As far as I know, Google is a single company. That it offers "mail", "calendar", "youtube" and other services doesn't mean it is different companies.

Can EU customers of department stores insist that the department not combine information from their shopping at the furniture department and clothing department but treat it separately? If that's what you want you should simply get several loyalty cards and use them separately -- which Google already supports.

In fact, if you don't want to be tracked by Google then simply don't sign in to a google account when you search. Alternatively, have several google accounts -- one for each service.