This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.nytimes.com/2012/10/17/business/global/17iht-google17.html

The article has changed 7 times. There is an RSS feed of changes available.

Version 2 Version 3
Google Is Pushed to Change Privacy Policy to Protect Data Europe Presses Google to Change Privacy Policy
(35 minutes later)
BERLIN — European regulators on Tuesday threatened Google with fines or legal action unless it makes it clearer to its customers what personal data is being collected from them and how it is being used. BERLIN — European regulators on Tuesday threatened Google with fines or legal action unless it made it clearer to its customers what personal data was being collected from them and how it was being used.
In a letter to Google, the regulators stopped short of describing the company’s 10-month-old data collection policy as illegal. But it noted that Google did not appear to adhere to Europe’s approach to data collection, which requires explicit prior consent by individuals and that the data collected be kept at a minimum.In a letter to Google, the regulators stopped short of describing the company’s 10-month-old data collection policy as illegal. But it noted that Google did not appear to adhere to Europe’s approach to data collection, which requires explicit prior consent by individuals and that the data collected be kept at a minimum.
The regulators couched their requests as “practical recommendations.” But when asked what regulators would do if Google did not accede and make changes, Jacob Kohnstamm, head of the Dutch data protection authority, said national regulators probably would take legal action to compel changes.The regulators couched their requests as “practical recommendations.” But when asked what regulators would do if Google did not accede and make changes, Jacob Kohnstamm, head of the Dutch data protection authority, said national regulators probably would take legal action to compel changes.
“After all, enforcement is the name of the game,” Mr. Kohnstamm said.“After all, enforcement is the name of the game,” Mr. Kohnstamm said.
The request was made by the French regulator, CNIL, the National Commission for Computing and Civil Liberties, at a news conference in Paris. The French agency was asked this year to analyze the legality of Google’s new data policies by the European Commission’s top privacy panel, called the Article 29 Working Group. The request was made at a news conference in Paris by the French regulator, known as CNIL, or the National Commission for Computing and Civil Liberties, which was enacted on behalf of all European data regulators.
Google announced the new policy in January, billing it as a way to streamline and simplify the privacy practices it employed worldwide across about 60 different online services, and to introduce greater clarity for users
Google informed customers of its services, which include Gmail, Google Maps and YouTube, of the changes until they took effect in March, requiring them to agree to them in order to access their accounts.
European regulators voiced their concerns almost immediately and CNIL conducted an inquiry that lasted semonths.
Isabelle Falque-Pierrotin, the chairwoman of CNIL, said her agency was giving Google “three to four months” to respond to its concerns.Isabelle Falque-Pierrotin, the chairwoman of CNIL, said her agency was giving Google “three to four months” to respond to its concerns.
„“If Google does not implement these recommendations, we will pass to a different phase, a phase of sanctions,” Ms. Falque-Pierrotin said. “If Google does not implement these recommendations, we will pass to a different phase, a phase of sanctions,” Ms. Falque-Pierrotin said.
Enforcement of privacy law in Europe remains a matter for national regulators. In France, CNIL has the legal ability to fine companies as much as €300,000 for privacy breaches. But whether CNIL will levy a fine, and whether other E.U. countries follow suit, remains unclear. Enforcement of privacy law in Europe remains a matter for national regulators. In France, CNIL has the legal ability to fine companies as much as €300,000, or about $390,000, for privacy breaches. But it remains unclear whether CNIL will levy a fine and whether other E.U. countries follow suit.
Google said in a statement that it believed that what it calls its privacy policy was legal.Google said in a statement that it believed that what it calls its privacy policy was legal.
“We have received the report and are reviewing it now,” Peter Fleischer, the Google global privacy counsel, said in the statement. “Our new privacy policy demonstrates our longstanding commitment to protecting our users’ information and creating great products. We are confident that our privacy notices respect European law.”“We have received the report and are reviewing it now,” Peter Fleischer, the Google global privacy counsel, said in the statement. “Our new privacy policy demonstrates our longstanding commitment to protecting our users’ information and creating great products. We are confident that our privacy notices respect European law.”
If adopted, the recommendations could have consequences on some of Google’s main businesses, which depend on consumer profiling for the targeting of advertising.If adopted, the recommendations could have consequences on some of Google’s main businesses, which depend on consumer profiling for the targeting of advertising.
Jeff Gould, the president of SafeGov, a San Francisco-based group representing companies that sell software and hardware to governments, said Google’s privacy policy is very similar to that used by Microsoft and Facebook. Jeff Gould, the president of SafeGov, a group based in San Francisco representing companies that sell software and hardware to governments, said Google’s privacy policy is very similar to that used by Microsoft and Facebook.
“Their approach is that we can take anything we learn from you from our services to build a profile of a user to serve targeted ads,” Mr. Gould said in an interview. “My view is that is a completely legitimate model if you give the consumer the opportunity to opt out.”“Their approach is that we can take anything we learn from you from our services to build a profile of a user to serve targeted ads,” Mr. Gould said in an interview. “My view is that is a completely legitimate model if you give the consumer the opportunity to opt out.”
Google’s current privacy policy requires users to accept it before being able to use the full range of services, Mr. Gould said.Google’s current privacy policy requires users to accept it before being able to use the full range of services, Mr. Gould said.
“The Europeans want Google to ask the user to give their consent explicitly and on a much more specific level, to permit the collection of data for targeted ads.”“The Europeans want Google to ask the user to give their consent explicitly and on a much more specific level, to permit the collection of data for targeted ads.”
“If Google did that responsibly, I don’t think it would kill their business,” Mr. Gould said. “But that is the 64,000 Terabyte question.”“If Google did that responsibly, I don’t think it would kill their business,” Mr. Gould said. “But that is the 64,000 Terabyte question.”
In the letter sent to Google, the European data regulators said Google’s new policy allowed the company to “combine almost any data from any services for any purpose.”In the letter sent to Google, the European data regulators said Google’s new policy allowed the company to “combine almost any data from any services for any purpose.”
“Google did not set any limits to the combination of data nor provide clear and comprehensive tools allowing its users to control it,” the letter said.“Google did not set any limits to the combination of data nor provide clear and comprehensive tools allowing its users to control it,” the letter said.
The regulators also noted that Google failed to tell the French investigators how long it kept certain kinds of data, despite being asked to.The regulators also noted that Google failed to tell the French investigators how long it kept certain kinds of data, despite being asked to.
The group asked Google to make several specific changes to give consumers more awareness and control over their data, including an interactive online presentation of how the data is used.The group asked Google to make several specific changes to give consumers more awareness and control over their data, including an interactive online presentation of how the data is used.
The regulators also asked Google to better explain the purposes for collecting data, and how data combined from its different services — which include YouTube, a search engine and the Google Plus social network — might be used.The regulators also asked Google to better explain the purposes for collecting data, and how data combined from its different services — which include YouTube, a search engine and the Google Plus social network — might be used.
It also called on the company to give people greater ability to opt out if they did not want their information used for a specific purpose.It also called on the company to give people greater ability to opt out if they did not want their information used for a specific purpose.
The request to Google comes as European antitrust regulators separately are investigating whether Google has used its search engine to favor its own services and through preferential rankings to put competitors at a disadvantage.The request to Google comes as European antitrust regulators separately are investigating whether Google has used its search engine to favor its own services and through preferential rankings to put competitors at a disadvantage.
The U.S. Federal Trade Commission is also preparing a recommendation that will ask the U.S. government to sue Google for its search engine practices.The U.S. Federal Trade Commission is also preparing a recommendation that will ask the U.S. government to sue Google for its search engine practices.
In Europe, Google has been under fire since it admitted in 2010 admitted that it had collected private data on individuals by secretly siphoning unencrypted Internet data that was broadcast from home WiFi routers, as Google cars drove by to take photographs for its Street View online map business. In Europe, Google has been under fire since it admitted in 2010 that it had collected private data on individuals by secretly siphoning unencrypted Internet data that was broadcast from home Wi-Fi routers, as Google cars drove by to take photographs for its Street View online map business.
Google at the time attributed the collection of WiFi data to a programmer’s error, but the computer engineer at the center of the project, who resided in California, has never publicly given his version of events. Last April, the Federal Trade Commission fined Google $25,000 for obstructing its investigation into the incident, although the regulator concluded that Google’s collection of WiFi data, while intentional, was not illegal. Google at the time attributed the collection of Wi-Fi data to a programmer’s error, but the computer engineer at the center of the project, who resided in California, has never publicly given his version of events. Last April, the Federal Trade Commission fined Google $25,000 for obstructing its investigation into the incident, although the regulator concluded that Google’s collection of Wi-Fi data, while intentional, was not illegal.
In Europe, a criminal and a civil investigation into Google’s WiFi data collection are still open in Germany, although most European countries have since dropped their complaints after Google apologized. In France, CNIL, which was the first European privacy agency to search the technology on Street View cars, fined Google €100,000, or $130,000, in 2011. In Europe, a criminal and a civil investigation into Google’s Wi-Fi data collection are still open in Germany, although most European countries have since dropped their complaints after Google apologized. In France, CNIL, which was the first European privacy agency to search the technology on Street View cars, fined Google €100,000, or $130,000, in 2011.
Mr. Kohnstamm, who also serves as chairman of the Article 29 panel, said by telephone that privacy regulators in all 27 European Union countries, plus Canada and some countries in Asia, had participated in the CNIL inquiry and had endorsed the request to Google, which outlines areas for changes to improve protection of personal data. Mr. Kohnstamm, who also serves as chairman of the European Commission’s top privacy panel, called the Article 29 Working Group, said by telephone that privacy regulators in all 27 European Union countries, plus Canada and some countries in Asia, had participated in the CNIL inquiry and had endorsed the request to Google, which outlines areas for changes to improve protection of personal data.
Mr. Kohnstamm had asked Google in a letter on Feb. 2 to postpone its new privacy policy so European regulators could investigate its effects on privacy. But Google declined.Mr. Kohnstamm had asked Google in a letter on Feb. 2 to postpone its new privacy policy so European regulators could investigate its effects on privacy. But Google declined.
“We are hoping that this time Google will listen to us,” Mr. Kohnstamm said.“We are hoping that this time Google will listen to us,” Mr. Kohnstamm said.
Eric Pfanner contributed reporting from Paris.Eric Pfanner contributed reporting from Paris.