Google merges privacy policies and data across services


In 2012, Google announced it would condense 70 different privacy policies into a single one that would allow the company to merge the data collected across all its services, including Maps, search, Android, Books, Chrome, Wallet, Gmail, and the advertising service provided by its DoubleClick subsidiary into a single database. The company claimed the purpose was to enable a better, more unified experience - for example, it said it would be able to deliver better search results by combining personal data and Google+ information to create "social search" that would better understand the user's intentions. 

Critics objected, however, that even though some might welcome the new approach, users were given no chance to opt out of these cross-service uses of their data, or to pick and choose which data they wanted integrated. Consumer Watchdog and the Privacy Rights Clearinghouse filed a complaint with the US Federal Trade Commission arguing that Google's policy change was highly deceptive and violated Google's 2011 consent decree with the FTC. In Europe, the French data protection regulator, CNIL, led an investigation on behalf of the 27 EU member countries, and ruled that Google was not in compliance with the EU's legal framework. Among other complaints, CNIL said it believed that Google had placed no limit on the scope of collection or the uses of the data, and that users were unable to determine or control the kinds of data being processed or the purpose of doing so. After the company failed to make the requested changes, CNIL fined the company €150,000 and required the company to add a notice to its website stating that it had been fined for violating France's privacy laws. In 2013, Spain cited the condensed privacy policies as one of three separate complaints about Google's behaviour, for which it fined the company €900,000 in aggregate. In 2014, the Dutch regulator threatened the company with a €15 million fine if it did not update its privacy policy by February 2015. In 2015, the UK's Information Commissioner ruled that Google was "too vague" and ordered the company to make substantial changes by June 2015 although it imposed no fines; the company agreed that for the next two years it would subject any further privacy policy changes to user testing.

tags: Google, privacy policies, EU, France, CNIL, 

Writer: Ian Paul, Frederic Lardinois, BBC, James Temperton

Publication: PC World, TechCrunch, BBC, Wired

See more examples
Related learning resources
Target Profile